Dow Jones & Company is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 125 years and today has one of the world’s largest news gathering operations globally. It produces leading publications and products including the flagship Wall Street Journal, America’s largest newspaper by paid circulation; Factiva, Barron’s, MarketWatch, Financial News, DJX, Dow Jones Risk & Compliance, Dow Jones Newswires, and Dow Jones VentureSource.
Dow Jones & Company is looking to expand their security program focused on Product Security. This group builds and executes a strategy responsible for making sure customer-facing products are designed and implemented to the highest security standards through a partnership with the product development engineering teams. The ideal candidate would have a good mix of technical and people skills to further the goals of the program.
This position will report to the Director of Product Security in the Cybersecurity group. As the company invests further in this area, there is room for innovation and growth for a hands-on, collaborative and energetic individual. The candidate will work with our flagship products such as Wall Street Journal, Marketwatch, Barrons, Factiva and DNA.
Serve as the security SME for product development engineering teams
Help build, maintain and execute a strategy to secure our customer-facing products.
Partner with product development engineering teams to ensure that products are “secure from the start” through an Agile Secure Development Lifecycle
Partner with the business to understand the needs and demands of our customers and the marketplace. Able to develop security standards and practices that ensure products are built to meet those needs
Work with product development engineering teams to address security findings and negotiate priorities for these to be released
Provide visibility around product security weaknesses to the business
Work alongside technical leadership to ensure secure architectural patterns are being used
Work with software engineers to threat model and design preventative and/or detective controls for specific security issues
Collaborate with engineering teams to build reusable security components
Help proliferate the use of automated security tools, that are maintained by the product security team into the continuous integration and development environment to identify security issues quickly
Collaborate with the Engineering team to design and execute a security champions program aimed at instilling security into the culture of product engineering
Lead conversations about security with prospective & current customers alongside the business and sales team
Develop security material (brochures, white-papers) for consumption by customers showcasing the security of our products
Skills & Experience:
Experience with design and architecture using modern secure design patterns
Experience with cloud best practices and security - at least one of AWS, GCP, Azure
Experience in one or more of the following modern languages/frameworks - Node.js, PHP, Java, C#, Python
A strong understanding of modern development processes including agile development
Strong knowledge of application security topics such as authn, authz, encryption, session management, federation, encryption
Ability to communicate complicated technical issues and risks to engineers, project managers and product managers
Extensive experience with application security tools like code scanners, dynamic analysis tools
Familiarity with security related certifications such as PCI, ISO27001
Strong understanding of public application security projects such as OWASP, BSIMM
Expert knowledge with Information Security frameworks and fundamentals including ISO 27001, NIST, Lockheed Killchain and MITRE ATT&CK-based analytics
Bachelor's degree in computer science or a related discipline, or equivalent work experience required, 8+ years of experience in information security or related technology experience
Dow Jones , Making Careers Newsworthy
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status. EEO/AA/M/F/Disabled/Vets .
Dow Jones is committed to providing reasonable accommodation for qualified individuals with disabilities, in our job application and/or interview process. If you need assistance or accommodation in completing your application, due to a disability, please reach out to us at TalentResourceTeam@dowjones.com . Please put “Reasonable Accommodation" in the subject line.
Business Area: TECHNOLOGY - INFORMATION SECURITY
Job Category: IT Administration/Support Group
Dow Jones is a global provider of news and business information, delivering content to consumers and organizations around the world across multiple formats, including print, digital, mobile and live events. Dow Jones has produced unrivaled quality content for more than 125 years and today has one of the world’s largest news gathering operations globally. It produces leading publications and products including the flagship Wall Street Journal, America’s largest newspaper by paid circulation; Factiva, Barron’s, MarketWatch, Financial News, DJX, Dow Jones Risk & Compliance, Dow Jones Newswires, and Dow Jones VentureSource.Dow Jones is a division of News Corp (NASDAQ: NWS, NWSA; ASX: NWS, NWSLV).
If you are a current employee at Dow Jones, do not apply here. Please go to the Career section on your Workday homepage and view "Find Jobs - Dow Jones." Thank you.
Req ID: 20071