Application Security Engineer

Gannett Co., Inc. (NYSE: GCI) is an innovative, digitally focused media and marketing solutions company committed to strengthening communities across our network. With an unmatched local-to-national reach, Gannett touches the lives of more than 110 million people monthly with our Pulitzer-Prize winning content, consumer experiences and benefits, and advertiser products and services. Gannett brands include USA TODAY NETWORK with the iconic USA TODAY and more than 100 local media brands, digital marketing services companies ReachLocal and SweetIQ, and U.K. media company Newsquest. To connect with us, visit .

Explore the possibilities as an Application Security Engineer

Position Summary

Gannett is seeking talented engineers to join a rapidly growing cyber-security team. The team is responsible for implementing innovative security solutions on cutting-edge cloud technology. This role will work with various teams in securing dozens of Gannett's applications already in the cloud, plus creating security solutions to enable the migration of hundreds more. They will be using a myriad of custom internal and open source tools in a hybrid cloud running thousands of servers, and will have the opportunity to evaluate new processes and shape the policies of new environments.

Technologies and Disciplines

Amazon Web Services, Google Compute Engine, Microsoft Azure, OpenStack Continuous delivery and build servers such as Jenkins, TeamCity or Drone Automation using Python Ruby or Golang, plus extensive use of Chef and Docker

System Environments

Linux (CentOS/RHEL) and Windows Server Stateless servers and containers, such as Docker and Kubernetes Nginx and Apache Webservers MSSQL/MySQL/Postgres databases Couchbase, MongoDB and other NoSQL databases

Position Responsibilities

Security automation development (enabling to move faster, more securely) Application security testing (existing applications and on-boarding of new applications) Automation of existing security toolsets Cyber security evangelization and champion of automation Responding to security incidents

Desired Skills and Experience

Application vulnerability scanning and pen testing Secure coding practices Application security testing practices (S/DAST, IAST, RASP) Web Application Firewalls, IDS/IPS, SQL injection and XSS Security tools: Nessus, Saint, Wireshark, Netcat, Metasploit, Burp Suite, OWASP ZAP Security standards: OWASP Top 10, SANS Top 25, CIS, NIST, CVE Best practices across cloud platforms Cloud+, CCSK, AWS CSA, Security+

Minimum Qualifications

Work history applying security to cloud automation or implementation 3+ years experience in Linux systems administration or cybersecurity Experience deploying to AWS or other clouds Experience with Chef and Docker or other configuration management tools Familiarity with the OWASP Top 10, and common attack vectors

Additional Considerations

Automation experience using Python or Bash (plus source control such as git) Knowledge of Ruby Experience using a opensource tools like clair, security monkey

Gannett Co., Inc. is a proud equal opportunity employer. We are a drug free, EEO employer committed to a diverse workforce. We will consider all qualified candidates regardless of race, color, national origin, sex, age, marital status, personal appearance, sexual orientation, gender identity, family responsibilities, disability, education, political affiliation or veteran status.

Meet Some of USA TODAY NETWORK's Employees

Steven D.

Account Executive

Steven serves as a point person of contact with businesses in local markets. He works with partner organizations to determine how USA TODAY can help them be successful.

Dianna N.


Dianna covers local news and documents whatever’s happening in her community. To understand what issues matter to her readers, she spends a lot of time connecting with people in her neighborhood.

Back to top