Cyber Threat Engineer

Posted Date: Aug-10-2017

Job ID: 8539

Job Type: Full Time

Job Function: Legal

City: Kent

State: Washington


What's cool about this job

The Cyber Threat Engineer will be directly in charge of detecting the newest and most advanced threats, research and analyze these threats and come up with creative counter measures.  The Threat Engineer is required to maintain an extensive understanding of services provided by REI and to develop relationships throughout the organization to assist Information Security in accomplishing its goals for the company.  

  • Develop and utilize standard processes, techniques, and procedures to collect, review, process, and evaluate intelligence information from a variety of internal and external sources, including Law Enforcement and private/public industry security associations.
  • Assists in the creation of workflows, procedures, and data systems necessary to assess and mitigate advanced threats.
  • Use creative methodologies and technologies to develop and communicate trends, patterns, profiles, estimates, and tactical interdiction information as well as to solve unusual problems related to threats with a direct or indirect impact to the brand, business operations, technology infrastructure and customer trust.
  • Documents and tracks assessments, incidents, and intelligence through out a defined lifecycle.
  • Assists in the deployment of technology solutions that integrate with the REI application security, vulnerability management, and threat intelligence programs to deliver best of breed threat identification and remediation systems.
  • Maintains relevancy by researching modern attacker tactics, tools, procedures, and exploits (TTPE).
  • Investigate events by monitoring, analyzing and reporting on all network and application communication specific protocols for unwanted manipulation to systems, malicious network traffic, network attacks against vulnerable services, data driven attacks on applications, host based attacks or unauthorized access to sensitive data. 
  • Demonstrates advanced security knowledge and experience on technologies and methodologies as it relates to operating systems, firewalls, proxies, access controls, encryption, networking, programming/scripting, auditing, vulnerability assessments, intrusion management and operations management to assist the Information Security team with effective research, data gathering, analysis, metrics reporting and communications. 
  • Provide guidance using specialized knowledge and toolsets to operational teams during enterprise wide crisis scenarios, e.g. large-scale production service outages, outside of the routine change management process.
  • Responsible for providing technical leadership focused on Threat Intelligence. Ensure that all layers of the network and application infrastructure integrate in a secure fashion.
  • Lead and execute Information Security projects related to Threat and Intelligence. Develop, execute on and communicate project tasks, timelines, and status information.
  • Stay current with information security trends and provide intelligence in the areas of intrusion techniques, social engineering, technology, and security specific solutions.  Utilizes internal and external threat, indicator of compromise, and vulnerability data to iteratively adjust program methods, tools, and focus.
  • Advise management on applicable trends and recommended solutions. Serve as a subject matter expert (SME) for designated information security controls.

Bring your passion and expertise

Requirements:

  • Bachelor’s degree in computer science, math, or engineering, or equivalent training and experience.
  • 5+ years related experience or equivalent industry knowledge.
  • Experience must be supported by relevant certification, such as, GIAC, GCIH, GCFE, GREM,  etc
  • Experience must be supported by appropriate training such as: Incident Response for Technical Staff (CERT/CC), Advanced Incident Handling (CERT/CC), Malware Analysis (MANDIANT), 
  • Understands Assembly and Shellcode 
  • Can demonstrate and explain a comprehensive Threat Intelligence Analysis Cycle and walk an audience through a real life example that highlights each step of the process.
  • Can comfortably explain the following to a moderately technical audience: LAMP, J2EE, REST, SOAP, WMI, MS-DS, CIFS, BASH, CRON, 
  • Ability to participate in on-call rotation for 24x7 service requirement. 
  • Must be extremely comfortable working in a combined Linux/Windows environment
  • Has deployed modern SEIM products in environments managing above 7K EPS.
  • Knowledge of Microsoft Active Directory operation and structure.
  • Engineering level experience with at least three of the following: MSSQL, NOSQL, Mongo, Apache Tomcat, JBOSS, SCCM, Debian, CentOS, RHEL, Puppet, Chef, 
  • Experience with the following tools: Yara, Redline, Resolution One, Volatility, Burp Suite Pro, OWASP ZAP, Nessus, Metasploit Framework, IDA Pro, Nikto, Nmap, 
  • Understands or has deployed open source analytics solutions such as Kibana/Log Stash.
  • Experience creating “Live Response” scripts for Linux and Windows environments. 
  • Must be able to explain advanced and complicated exploits or attack methods to both non-technical, engineering, and development staff.

Why you'll love it here

REI’s Enterprise Information Security Program is one of the most highly sought teams to join at REI.  We are a highly collaborative group that leverages advanced technologies to do their jobs.  And, we have the support and confidence of REI’s leadership team to take on and mitigate cyber security threats.  If you have a passion for outdoors, and want to be part of a dynamic and innovating cyber security program, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.