Product Security Engineer

Equal Opportunity Employer

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status.

EEO / AA / M / F / Disabled / Vets

Job Description : Job Description

Job Description

Product Security Engineer

Location : NYC - 3 days a week in office

Job Description :

We have an exciting role for a Product Security Engineer who will be responsible for the design,

development, and strategy to secure digital products within NewsCorp supporting the NY POST.

The successful applicant will contribute expertise, embrace emerging trends, and provide overall guidance on

security best practices across all of News Corp businesses and technology groups. The

successful candidate will possess excellent interpersonal and communication skills required to

partner with other leaders across the global business to identify opportunities and risks. The

position will require the ability to multitask and work independently, as well as work

collaboratively with teams, some of which may be geographically distributed.

Key responsibilities include :

• Build, maintain and execute a strategy to secure our application ecosystem
• Provide technical consultation and direction on secure application design, architecture and

system security

Perform security reviews, code reviews and threat models of our products; identify any security

issues and develop guidance and plans to remediate

Work with software engineers to design preventative and / or detective controls for specific

security issues

• Partner with engineering teams to build reusable security components
• Facilitate penetration tests and code reviews for applications (web / mobile)
• Validate and triage vulnerabilities submitted by researchers from the News Corp bug bounty

program

Identify security risks and exposures, determine the causes of security violations and suggests

procedures to prevent future incidents

Help proliferate the use of automated security tools into development workflows to identify

security issues quickly

Participate in teaching secure development practices to software engineers

Qualifications and Skills :

Degree in Technology, Computer Science / Engineering, Cybersecurity, a related field or

equivalent experience

Demonstrated experience in one or more of the following languages / frameworks : Node.js, PHP,

Java, and / or Python

Knowledge of OWASP TOP 10 and CWE Top 25 and how to mitigate them and can explain how

to resolve the issues to developers.

• Proficient in cloud best practices and security - AWS, GCP and Azure
• Experience with Static and Software Composition Analysis tools such as Checkmarx and their

implementation within CICD build pipelines.

• Familiar with container technologies (Docker / Kubernetes etc) and use of cloud services
• Expertise on modern web and mobile application security practices and trends
• Dev tools experience (Github, Terraform, CircleCI, Jenkins, etc.)
• Working knowledge of common and industry standard cloud-native / cloud-friendly authentication

mechanisms (OAuth, OpenID, AWS IAM etc)

Excellent communication and presentation skills. Ability to effectively communicate, both orally

and in writing, through all levels of the organization

Any additional training, security certifications, or history of responsible disclosure is preferred

but not required

Location : NYC - 3 days a week in office

News Corp is a global diversified media and information services company focused on creating

and distributing authoritative and engaging content to consumers throughout the world. The

company comprises businesses across a range of media, including : news and information

services, book publishing, digital real estate services, cable network programming in Australia,

and pay-tv distribution in Australia.

Headquartered in New York, the activities of News Corp are conducted primarily in the United

States, Australia, and the United Kingdom.

Job Category :

Pay Range : 80,000 - 100,000

We recognize that attracting the best talent is key to our strategy and success as a company. As a result, we aim for flexibility in structuring competitive compensation offers to ensure we are able to attract the best candidates.

The quoted salary range represents our good faith estimate as to what our ideal candidates are likely to expect, and we tailor our offers within the range based on the selected candidate's experience, industry knowledge, location, technical and communication skills, and other factors that may prove relevant during the interview process.

Pay-for-performance is a key element in our strategy to attract, engage, and motivate talented people to do their best work.

Similarly to salary, for bonus eligible roles, targets are set based on a variety of factors including competitive market practice.

For benefits eligible roles, in addition to cash compensation, the company provides a comprehensive and highly competitive benefits package, with a variety of physical health, retirement and savings, caregiving, emotional wellbeing, transportation, and other benefits, including "elective" benefits employees may select to best fit the needs and personal situations of our diverse workforce.