ForgeApply
Try it free

ForgeApply · Job listing

Senior IT Security Engineer

Nationalpublicradioinc

Remote · US$125k – $152k

Apply in about a minute — without sacrificing quality.

ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.

About this role

OVERVIEW

A thriving, mission-driven multimedia organization, NPR produces award-winning news, information, and music programming in partnership with hundreds of independent public radio stations across the nation. The NPR audience values information, creativity, curiosity, and social responsibility – and our employees do too. We are innovators and leaders in diverse fields, from journalism and digital media to IT and development. Every day, our employees and member stations touch the lives of millions worldwide.

Across our organization, we’re building a workplace where collaboration is essential, diverse voices are heard, and inclusion is the key to our success. We are committed to doing the right thing in our journalism and in every role at NPR . This means that integrity, adherence to our ethical standards, and compliance with legal obligations are fundamental responsibilities for every employee at NPR.

Intro to Position

As our Senior Security Engineer, you will bridge the gap between traditional infrastructure security and modern DevSecOps. We are looking for a proactive security engineer to define secure-by-design frameworks, implement high-impact DevSecOps pipelines across multi-cloud environments (AWS and GCP), and lead critical security reviews for emerging technologies, including artificial intelligence.

Beyond technical mastery, you will act as a collaborative partner to our internal teams, fostering a culture of proactive security, cyber vigilance, and continuous improvement. If you thrive in rapidly evolving environments and have a passion for building secure, resilient ecosystems, this is your next challenge.

Responsibilities

• Secure-by-Design Architecture: Implement, own, and champion secure-by-design frameworks across cloud, infrastructure, and application ecosystems, ensuring all system architectures address robust cybersecurity requirements.

• Design & Integration Reviews: Review and approve security architecture designs for new internal systems, cloud platforms, and third-party integrations.

• DevSecOps & CI/CD Pipelines: Design, enable, and maintain automated security pipelines to proactively scan Git repositories, catching vulnerabilities early in the software development lifecycle.

• Cloud Security Management: Manage security lifecycles within multi-cloud environments (primarily AWS and GCP) to ensure continuous compliance and threat mitigation.

• Vulnerability Management: Own and run the end-to-end vulnerability management program, prioritizing remediation efforts across enterprise systems.

• AI & Emerging Tech Security: Assess and secure emerging technologies, evaluating security-focused Large Language Models (LLMs) and AI workflows to keep NPR aligned with industry progressions.

• Security Monitoring & SIEM: Leverage SIEM platforms (specifically Splunk) to develop advanced dashboards, write queries, and build automated reporting mechanisms for real-time threat intelligence.

• Network & Endpoint Defense: Deploy, recommend, and test advanced security controls, including Endpoint Detection and Response (EDR), enterprise-level antivirus, and perimeter security for Cisco networking devices.

• Cross-Functional Collaboration: Partner with internal NPR technology and business teams to address security gaps, resolve concerns, and provide subject matter expertise in ongoing cybersecurity meetings.

The above duties and responsibilities are not an exhaustive list of required responsibilities, duties and skills. Other duties may be assigned, and this job description can be modified at any time.

Minimum Qualifications

• 5+ years of experience in an information security, security engineering, or infrastructure security role.

• 2+ years of hands-on experience in DevSecOps, secure software development, or automated CI/CD security pipeline integration.

• Strong hands-on technical experience administering enterprise security tools, including SIEM (Splunk), EDR/anti-malware, and vulnerability management systems.

• Proven experience securing multi-cloud environments (AWS and/or GCP) and a solid understanding of cloud security posture management.

• Practical knowledge of core networking concepts and principles, including securing perimeter devices (such as Cisco hardware).

• Demonstrated track record of cross-functional technical communication, documentation, and assisting development teams with security remediation.

Preferred Qualifications

• Industry certifications such as CISSP, GIAC, or specialized cloud/DevSecOps credentials (or equivalent practical experience).

• Experience with Infrastructure as Code (IaC) and network automation tools.

• Practical experience implementing secure workflows for generative AI tools or LLMs.

Required Skills/Competencies

• Threat & Vulnerability Analysis: Analytical capability to interpret automated scan results, prioritize vulnerabilities, and formulate remediation plans.

• Cloud Security Architecture: Foundational competence in designing and securing cloud-native services and environments.

• Automation & Scripting: Ability to write utility scripts (Python, Bash, etc.) to automate security checks or integrate tools.

• SIEM Querying: Proficiency in building custom queries and alerts within SIEM platforms like Splunk.

• Collaborative Problem Solving: Exceptional interpersonal and technical communication skills to bridge security policies with developer workflows.

Education Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience.

Work Location & Requirements

• NPR Remote-Permitted : This is a remote-permitted role. This role is based out of our Washington, D.C. office, but the employee may choose to work on a remote basis from a location that NPR approves. You will have the option of working (a) remotely from a location of your choosing within the United States that is supported by NPR; (b) on-site at an NPR facility, based on the availability of desk

Ready to apply to Nationalpublicradioinc?

Apply in about a minute

Similar jobs

More like this: Security & Cybersecurity Jobs · Remote Security & Cybersecurity Jobs · Browse all jobs