Enterprise Security Control Test Engineer

Posted Date: May-24-2017

Job ID: 7497

Job Type: Full Time

Job Function: Information Technology

State: Washington


What's cool about this job

As REI’s Enterprise Security Control Test Engineer, you'll contribute to REI’s success by maintaining the confidentiality, integrity and availability of information assets by conducting active security testing across all REI application and infrastructure elements.

The Enterprise Security Control Test Engineer is a hands-on role that involves improving our programs resiliency to cyber threats and data privacy assurance by simulating real world attacks. The primary objective of the Enterprise Security Control Test Engineer is to deliver and enhance technical security assessments of applications and data stores, security design reviews as well as risk assessments. 

In this role you'll get to:

  • Use tactics employed by cyber threat actors to proactively test our ability to detect, react, and adapt to attacks
  • Test deployed security technologies for susceptibility to newly discovered advanced threats
  • Assist in the creation of workflows, procedures, and software development lifecycle integration points to insure that all REI developed code is accurately tested for security defect
  • Develop assessment reports that will be used for regulatory and data privacy verification
  • Develop test methodologies to identify how or when REI data leaves approved boundaries
  • Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
  • Make recommendations to management for remediation and improvement

Bring your passion and expertise

Requirements:

  • Bachelor’s degree in computer science, math, or engineering, or equivalent training and experience
  • 5+ years related experience or equivalent industry knowledge
  • Experience must be supported by relevant certification, such as, GWAPT, GIAC, GWEB, GPEN, etc.
  • Experience testing commerce applications on mobile devices (iOS and Android) for both advanced threats and data privacy violations
  • Experience performing testing in PCI or retail environments
  • Experience testing various applications and data stores for data exfiltration 
  • Experience testing deployed security controls against advanced threats 
  • Engineering level experience with at least three of the following: Windows, Red Hat Enterprise Linux, Cisco IOS, iOS, OSX, AWS EC2, Docker, PaloAlto Firewalls, Stonesoft NGFW, MSSQL, Maria DB, MySQL
  • Experience writing automation or supportive tooling using Python, Ruby, Java, C/C++, or BASH.
  • Experience with the following tools: Burp Suite Pro, OWASP ZAP, Nessus, Metasploit Framework (command line and module creation), Orca, Nikto, Nmap, Veil, 
  • Must be able to explain advanced and complicated exploits or attack methods to both non-technical, engineering, and development staff

Why you'll love it here

REI Information Technology is a team of creative and smart technologists who work in a collaborative environment to build business value through technology. And, we have the support of a great company to tackle some pretty dynamic challenges that will keep REI relevant for years to come. If you have a passion for the outdoors and want to be a part of innovating retail technology, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.