USA TODAY NETWORKis one of the top 20 digital companies in the country, sharing the list with Google, Facebook, and Amazon.We reach over 100 million unique visitors a month, which is more than Buzzfeed, Yahoo News, and Huffington Post, and have local brands present in 110 U.S. markets. We have a loyal following based on a combination of trusted, fact-checked journalism, innovative products, a deep commitment to our local communities, and our constantly iterating our products to be on the leading edge of media and technology.
Explore the possibilities as an Application Security Engineer
Position Summary
Gannett is seeking talented engineers to join a rapidly growing cyber-security team. The team is responsible for implementing innovative security solutions on cutting-edge cloud technology. This role will work with various teams in securing dozens of Gannett’s applications already in the cloud, plus creating security solutions to enable the migration of hundreds more. They will be using a myriad of custom internal and open source tools in a hybrid cloud running thousands of servers, and will have the opportunity to evaluate new processes and shape the policies of new environments.
Technologies and Disciplines
Amazon Web Services, Google Compute Engine, Microsoft Azure, OpenStack Continuous delivery and build servers such as Jenkins, TeamCity or Drone Automation using Python Ruby or Golang, plus extensive use of Chef and Docker
System Environments
Linux (CentOS/RHEL) and Windows Server Stateless servers and containers, such as Docker and Kubernetes Nginx and Apache Webservers MSSQL/MySQL/Postgres databases Couchbase, MongoDB and other NoSQL databases
Position Responsibilities
Security automation development (enabling to move faster, more securely) Application security testing (existing applications and on-boarding of new applications) Automation of existing security toolsets Cyber security evangelization and champion of automation Responding to security incidents
Skills & Requirements
Desired Skills and Experience
Application vulnerability scanning and pen testing Secure coding practices Application security testing practices (S/DAST, IAST, RASP) Web Application Firewalls, IDS/IPS, SQL injection and XSS Security tools: Nessus, Saint, Wireshark, Netcat, Metasploit, Burp Suite, OWASP ZAP Security standards: OWASP Top 10, SANS Top 25, CIS, NIST, CVE Best practices across cloud platforms Cloud+, CCSK, AWS CSA, Security+, Bachelors Degree in Computer Science or equivalent
Minimum Qualifications
Work history applying security to cloud automation or implementation 3+ years experience in Linux systems administration or cybersecurity Experience deploying to AWS or other clouds Experience with Chef and Docker or other configuration management tools Familiarity with the OWASP Top 10, and common attack vectors
Additional Considerations
Automation experience using Python or Bash (plus source control such as git) Knowledge of Ruby Experience using a opensource tools like clair, security monkey
We are a drug free, EEO employer committed to a diverse workforce. We will consider all qualified candidates regardless of race, color, national origin, sex, age, marital status, personal appearance, sexual orientation, family responsibilities, disability, education, political affiliation or veteran status.
