Senior IT Security Engineer
Quick Summary
Implement, own, and champion secure-by-design frameworks across cloud, infrastructure, and application ecosystems, ensuring all system architectures address robust cybersecurity
Review and approve security architecture designs for new internal systems, cloud platforms, and third-party integrations. DevSecOps & CI/CD Pipelines: Design, enable,
A thriving, mission-driven multimedia organization, NPR produces award-winning news, information, and music programming in partnership with hundreds of independent public radio stations across the nation. The NPR audience values information, creativity, curiosity, and social responsibility – and our employees do too. We are innovators and leaders in diverse fields, from journalism and digital media to IT and development. Every day, our employees and member stations touch the lives of millions worldwide.
Across our organization, we’re building a workplace where collaboration is essential, diverse voices are heard, and inclusion is the key to our success. We are committed to doing the right thing in our journalism and in every role at NPR. This means that integrity, adherence to our ethical standards, and compliance with legal obligations are fundamental responsibilities for every employee at NPR.
As our Senior Security Engineer, you will bridge the gap between traditional infrastructure security and modern DevSecOps. We are looking for a proactive security engineer to define secure-by-design frameworks, implement high-impact DevSecOps pipelines across multi-cloud environments (AWS and GCP), and lead critical security reviews for emerging technologies, including artificial intelligence.
Beyond technical mastery, you will act as a collaborative partner to our internal teams, fostering a culture of proactive security, cyber vigilance, and continuous improvement. If you thrive in rapidly evolving environments and have a passion for building secure, resilient ecosystems, this is your next challenge.
Responsibilities
~2 min read- →Secure-by-Design Architecture: Implement, own, and champion secure-by-design frameworks across cloud, infrastructure, and application ecosystems, ensuring all system architectures address robust cybersecurity requirements.
- →Design & Integration Reviews: Review and approve security architecture designs for new internal systems, cloud platforms, and third-party integrations.
- →DevSecOps & CI/CD Pipelines: Design, enable, and maintain automated security pipelines to proactively scan Git repositories, catching vulnerabilities early in the software development lifecycle.
- →Cloud Security Management: Manage security lifecycles within multi-cloud environments (primarily AWS and GCP) to ensure continuous compliance and threat mitigation.
- →Vulnerability Management: Own and run the end-to-end vulnerability management program, prioritizing remediation efforts across enterprise systems.
- →AI & Emerging Tech Security: Assess and secure emerging technologies, evaluating security-focused Large Language Models (LLMs) and AI workflows to keep NPR aligned with industry progressions.
- →Security Monitoring & SIEM: Leverage SIEM platforms (specifically Splunk) to develop advanced dashboards, write queries, and build automated reporting mechanisms for real-time threat intelligence.
- →Network & Endpoint Defense: Deploy, recommend, and test advanced security controls, including Endpoint Detection and Response (EDR), enterprise-level antivirus, and perimeter security for Cisco networking devices.
- →Cross-Functional Collaboration: Partner with internal NPR technology and business teams to address security gaps, resolve concerns, and provide subject matter expertise in ongoing cybersecurity meetings.
Requirements
~2 min read- 5+ years of experience in an information security, security engineering, or infrastructure security role.
- 2+ years of hands-on experience in DevSecOps, secure software development, or automated CI/CD security pipeline integration.
- Strong hands-on technical experience administering enterprise security tools, including SIEM (Splunk), EDR/anti-malware, and vulnerability management systems.
- Proven experience securing multi-cloud environments (AWS and/or GCP) and a solid understanding of cloud security posture management.
- Practical knowledge of core networking concepts and principles, including securing perimeter devices (such as Cisco hardware).
- Demonstrated track record of cross-functional technical communication, documentation, and assisting development teams with security remediation.
- Industry certifications such as CISSP, GIAC, or specialized cloud/DevSecOps credentials (or equivalent practical experience).
- Experience with Infrastructure as Code (IaC) and network automation tools.
- Practical experience implementing secure workflows for generative AI tools or LLMs.
- Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or equivalent work experience.
- NPR Remote-Permitted: This is a remote-permitted role. This role is based out of our Washington, D.C. office, but the employee may choose to work on a remote basis from a location that NPR approves. You will have the option of working (a) remotely from a location of your choosing within the United States that is supported by NPR; (b) on-site at an NPR facility, based on the availability of desks and approval from NPR; or (c) a combination of both. Regardless of where you choose to work from, you may be expected to travel to other locations from time to time to perform the duties of your position.
- Threat & Vulnerability Analysis: Analytical capability to interpret automated scan results, prioritize vulnerabilities, and formulate remediation plans.
- Cloud Security Architecture: Foundational competence in designing and securing cloud-native services and environments.
- Automation & Scripting: Ability to write utility scripts (Python, Bash, etc.) to automate security checks or integrate tools.
- SIEM Querying: Proficiency in building custom queries and alerts within SIEM platforms like Splunk.
- Collaborative Problem Solving: Exceptional interpersonal and technical communication skills to bridge security policies with developer workflows.
- This is a full-time, exempt position.
What We Offer
~1 min read#LI-REMOTE
NPR is an Equal Opportunity Employer. NPR is committed to being an inclusive workplace that welcomes diverse and unique perspectives, all working toward the same goal – to create a more informed public. Qualified applicants receive consideration for employment without regard to race, color, ethnicity, national origin, ancestry, age, religion, religious belief, sex (including pregnancy, childbirth and related medical conditions, lactation, and reproductive health decisions), sexual orientation, gender, gender identity or expression, transgender status, gender non-conforming status, intersex status, sexual stereotypes, nationality, citizenship status, personal appearance, marital status, family status, family responsibilities, military status, veteran status, mental and physical disability, medical condition, genetic information, genetic characteristics of yourself or a family member, political views and affiliation, unemployment status, protective order status, status as a victim of domestic violence, sexual assault, or stalking, or any other basis prohibited under applicable law.
You may read NPR’s privacy policy to learn about how NPR may handle information you submit with any application.
Want more NPR? Explore the stories behind the stories on our NPR Extra blog. Get social with NPR Extra on Facebook and Instagram. Find more career opportunities at NPR.org/careers.
Location & Eligibility
Listing Details
- Posted
- July 9, 2026
- First seen
- July 9, 2026
- Last seen
- July 9, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 80%
- Scored at
- July 9, 2026
Signal breakdown
Please let Nationalpublicradioinc know you found this job on Jobera.
3 other jobs at Nationalpublicradioinc
View all →Explore open roles at Nationalpublicradioinc.
Similar It Security Engineer jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.