Schibsted general template

Job Description

About the team:

The Schibsted Media Cyber Security team is looking for an IT Security Engineer to protect the organization and the publishers along their mission for free and independent press. Located in Sweden, the team is responsible for designing, building and maintaining core cybersecurity tools and services for the company and journalists as well as supporting the development of safe products and services to our customers. We are part of the tech department, the cybersecurity team collaborates with the other part of the organisation: journalists, editors, IT, AI, legal, infrastructure, network, user devices, collaboration software, …

What will you do in this role?

As an IT Security Engineer, you will be responsible for the development of critical IT Security functions within the company. In this role, you will be analysing, designing, implementing, and maintaining security solutions to protect our organisation's IT infrastructure and assets. Your expertise will be vital in ensuring the confidentiality, integrity, and availability of our systems and data.

Your Main Responsibilities Will Be To

• Perform security assessments and identify areas for improvements and designing strategies to mitigate risks effectively.
• Drive and improve enterprise-wide security initiatives, including threat detection and prevention systems, incident response functions, and vulnerability management
• Engage in Incident Response in collaboration with NOC & SOC to mitigate and investigate security incidents using threat hunting and digital forensics methodology.
• Design and implement robust security systems and architectures, including network segmentation, firewalls, intrusion detection and prevention systems, VPNs, and endpoint protection solutions.
• Design and implement security protocols and best practices to protect journalistic content, communications, and digital assets from unauthorised access, interception, or tampering.
• Improve security monitoring of the network , cloud, IAM and endpoint system environment to detect and prevent threats quicker and more accurately.
• Perform security due-diligence of and define security procedures towards external vendors and third party providers to prevent supply-chain threats.
• Write security documentation, including policies, standards, procedures, and guidelines, ensuring compliance with regulatory requirements and industry standards.
• Collaborate with external auditors and regulatory bodies to facilitate security audits and assessments.
• Contribute to the development of security training and education programs tailored to e.g. journalists and developers.
• Collaborate with journalists, editors, and other stakeholders to assess security risks and vulnerabilities in journalistic workflows and communications.
• Collaborate with the physical security team for assignments related to journalists operating in high risk environments.
• Collaborate with journalists to understand their missions ‘on the field’ and support them with adapted tools and equipment.
• Conduct security assessments and audits of digital platforms, tools, and communication channels used by journalists, identifying and remedying security weaknesses and vulnerabilities.
• Contribute developing and delivering security awareness training and resources for journalists and editorial staff, promoting a culture of security awareness and vigilance.
• Depending on your experience, provide guidance and mentorship to junior security team members, fostering a culture of continuous learning and development.
  
  

Key Competencies

• Strong academic background within the areas of cyber security, computer science or other relevant field
• 1-3 years of experience in an IT Security role, with practical experience in implementing security controls and technologies.
• Proficiency in network and system administration, with hands-on experience managing security tools and technologies such as SIEM, DLP, EDR, and vulnerability scanning tools.
• Strong understanding of networking protocols, operating systems, and cloud computing platforms, with the ability to analyse and troubleshoot security-related issues.
• Excellent analytical and problem-solving skills, with the ability to prioritise and manage multiple tasks effectively.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical stakeholders.
  
  

Nice To Have

• A good understanding of the threat landscape of a media house.
• Systems programming experience such as Python.
• Previous experience working with EDR, vulnerability scanners or SIEM.
• Experience working with threat intelligence for tactical and strategic improvements.
  
  

The position is based in Oslo and requires regular interactions with journalists. Fluency in English and Norwegian is required.

About The Company

Independent Journalism – That’s our business

Schibsted Media Group includes some of the strongest media brands in the Nordics, including VG, Aftenposten, E24, Bergens Tidende, Stavanger Aftenblad, Aftonbladet, Svenska Dagbladet, Omni, and Podme.

Every day, nearly seven million people turn to our editorial media to stay informed, engaged, and entertained through text, audio, images, and video. The trust of our users is crucial to us. To maintain this trust, we prioritise truth, verifiability, and transparency.

Our 2,800 employees are based in Oslo, Bergen, Stavanger, Stockholm, Helsinki, Krakow, and Gdansk. We rely on all of them to succeed, through close collaboration across editorial teams, product and technology environments, and subscription and advertising units.

What began as Christian Schibsted's small printing business in Christiania (now Oslo) in 1839 has grown into one of the leading media companies in the Nordics. For nearly two centuries, our journalism has empowered people, built communities, exposed abuses of power, and strengthened democracies. Our democracies depend on independent journalism. That’s our business.