Enterprise Security Control Test Engineer
Posted Date: May-24-2017
Job ID: 7497
Job Type: Full Time
Job Function: Information Technology
What's cool about this job
As REI’s Enterprise Security Control Test Engineer, you'll contribute to REI’s success by maintaining the confidentiality, integrity and availability of information assets by conducting active security testing across all REI application and infrastructure elements.
The Enterprise Security Control Test Engineer is a hands-on role that involves improving our programs resiliency to cyber threats and data privacy assurance by simulating real world attacks. The primary objective of the Enterprise Security Control Test Engineer is to deliver and enhance technical security assessments of applications and data stores, security design reviews as well as risk assessments.
In this role you'll get to:
- Use tactics employed by cyber threat actors to proactively test our ability to detect, react, and adapt to attacks
- Test deployed security technologies for susceptibility to newly discovered advanced threats
- Assist in the creation of workflows, procedures, and software development lifecycle integration points to insure that all REI developed code is accurately tested for security defect
- Develop assessment reports that will be used for regulatory and data privacy verification
- Develop test methodologies to identify how or when REI data leaves approved boundaries
- Perform security reviews of application designs, source code and deployments as required, covering all types of applications (web application, web services, mobile applications, thick client applications, SaaS)
- Make recommendations to management for remediation and improvement
Bring your passion and expertise
- Bachelor’s degree in computer science, math, or engineering, or equivalent training and experience
- 5+ years related experience or equivalent industry knowledge
- Experience must be supported by relevant certification, such as, GWAPT, GIAC, GWEB, GPEN, etc.
- Experience testing commerce applications on mobile devices (iOS and Android) for both advanced threats and data privacy violations
- Experience performing testing in PCI or retail environments
- Experience testing various applications and data stores for data exfiltration
- Experience testing deployed security controls against advanced threats
- Engineering level experience with at least three of the following: Windows, Red Hat Enterprise Linux, Cisco IOS, iOS, OSX, AWS EC2, Docker, PaloAlto Firewalls, Stonesoft NGFW, MSSQL, Maria DB, MySQL
- Experience writing automation or supportive tooling using Python, Ruby, Java, C/C++, or BASH.
- Experience with the following tools: Burp Suite Pro, OWASP ZAP, Nessus, Metasploit Framework (command line and module creation), Orca, Nikto, Nmap, Veil,
- Must be able to explain advanced and complicated exploits or attack methods to both non-technical, engineering, and development staff
Why you'll love it here
REI Information Technology is a team of creative and smart technologists who work in a collaborative environment to build business value through technology. And, we have the support of a great company to tackle some pretty dynamic challenges that will keep REI relevant for years to come. If you have a passion for the outdoors and want to be a part of innovating retail technology, this job is for you.
At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.
With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.
REI is an Equal Opportunity Employer