Senior Cybersecurity Engineer

The Senior Cybersecurity Engineer is responsible for designing, implementing, and maintaining the organization's cybersecurity infrastructure to protect digital publishing platforms, newsroom systems, corporate applications, and sensitive data. This role serves as a senior technical expert, leading security initiatives, driving the implementation of security controls, and supporting the organization's overall cybersecurity strategy.

The Senior Cybersecurity Engineer works closely with IT, Engineering, Product, Data, and business stakeholders to identify and mitigate security risks, strengthen security posture, and ensure compliance with organizational policies and industry best practices. This position plays a critical role in securing systems that support the delivery of trusted journalism while maintaining the confidentiality, integrity, and availability of enterprise technology assets.

Responsibilities:

• Design, implement, and maintain enterprise security solutions across cloud, on-premises, and hybrid environments.
• Lead the development and enhancement of security architecture, ensuring alignment with business objectives and security best practices.
• Evaluate and recommend security technologies, tools, and controls to strengthen organizational defenses.
• Partner with engineering teams to integrate security requirements into system design and development processes.

• Lead investigations of security incidents, alerts, and potential threats.
• Perform advanced threat hunting and analysis to identify emerging risks and vulnerabilities.
• Develop and maintain incident response procedures, playbooks, and remediation strategies.
• Coordinate containment, eradication, and recovery efforts during cybersecurity incidents.

• Conduct vulnerability assessments and security reviews across infrastructure, applications, and cloud environments. Report findings to leadership.
• Prioritize and coordinate remediation efforts based on risk assessments.
• Perform security testing and validation of implemented controls.
• Provide recommendations to reduce organizational risk and improve security maturity.

• Oversee security monitoring platforms and detection capabilities.
• Develop and optimize security alerts, dashboards, and response workflows.
• Analyze security logs and system activity to identify indicators of compromise.
• Support continuous improvement of security operations processes and procedures.

• Maintaining compliance with applicable security frameworks, policies, and regulatory requirements.
• Conduct audits, risk assessments, and security reviews.
• Develop and maintain security documentation, standards, and technical procedures.

• Partner with cross-functional teams to ensure security considerations are incorporated into technology initiatives.
• Provide security guidance to infrastructure, engineering, and product teams.
• Mentor junior engineers and technical staff on cybersecurity best practices.
• Support security awareness and training initiatives across the organization.
• Performs other duties as assigned.

Requirements:

• Bachelor's degree in Cybersecurity, Information Technology, Computer Science, Engineering, or a related field required and 8 years of experience in cybersecurity, security engineering, information security, or related technical roles OR 10 years of experience in cybersecurity, security engineering, information security, or related technical roles.
• Demonstrated experience implementing and managing enterprise security technologies.
• Experience leading complex security initiatives and incident response efforts.
• Technical Expertise
• Strong knowledge of network security, cloud security, endpoint security, identity and access management, and security architecture principles.
• Experience with SIEM, EDR, vulnerability management, intrusion detection/prevention, and security monitoring platforms.
• Demonstrated experience mentoring or coaching technical staff
• Experience securing cloud environments such as AWS, Azure, or Google Cloud Platform.
• Knowledge of security frameworks including NIST, CIS Controls, ISO 27001, or similar standards.
• Familiarity with scripting or automation technologies such as PowerShell, Python, or similar tools.
• Skills & Competencies
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication abilities.
• Ability to manage multiple priorities and work independently.
• Strong attention to detail and commitment to continuous improvement.

Preferred Qualifications:

• Industry certifications such as CISSP, GIAC, GSEC, GCIH, CCSP, Security , or equivalent.
• Experience supporting media, publishing, digital content platforms, or high-traffic consumer-facing environments.
• Experience leveraging AI-enabled security tools and automation technologies to enhance threat detection, incident response, and operational efficiency.

The L.A. Times is an equal opportunity employer and welcomes all qualified applicants regardless of race, ethnicity, religion, gender, gender identity, sexual orientation, disability status, protected veteran status, or any other characteristic protected by law. We actively work to create an inclusive environment where all of our employees can thrive. This Privacy Notice for Los Angeles Times sets forth how we will use the information we obtain when you apply for a position with us. Explore our company history, achievement, values, mission and more on our career site.

The pay scale the Company reasonably expects to pay for this position at the time of the posting is $158,000 to $175,000 and takes into account a wide range of factors including but not limited to skill set, experience, training, licenses, certifications, and other business or organizational needs. Compensation will be determined based on the above factors along with the requirements of the position. At the L.A. Times, it is not typical for an individual to be hired at or near the top of the range for the role. Please visit our career site to view the benefits available to our employees. We recommend adding our applicant tracking system domain (@dayforce.com) as a safe sender or contact, sometimes these emails get filtered to candidates' spam folders.