IT Security Architect

Posted Date: Mar- 3-2017

Job ID: 6699

Job Type: Full Time

Job Function: Information Technology

City: Kent

State: Washington


What's cool about this job

Do you have experience developing an IT Security vision that aligns with a corporate information security vision?  Do you also enjoy working in a fast paced retail environment driven by the most advanced IT and business service delivery technologies?  If you said yes to each of the questions above, then we have an opportunity for you.  We are seeking a permanent full time position within our Information Technology.

As the IT Security and Risk Management Domain Architect, you will be accountable for ensuring REI’s IT systems and data are designed and implemented with the highest data security and privacy standards. You will play a critical role in defining REI’s technology security landscape, ensuring REI is appropriately postured to address advanced security threats, cloud migration, and workforce mobility. 

This role partners closely with portfolio planning teams to shape solution architectures during the demand management/intake processes and take a leadership role for our Solution Architects that are responsible for delivering solutions defined by the IT Security Domain Architect. It is a critical architecture role in REI and part of REI’s Architecture and Information Security communities.

  • Maintain current knowledge of emerging security threats and their applicability to REI’s environments
  • Participate in cyber defense exercise development, planning and participation
  • Manage IT Security Architecture Principles, Policies and Standards
  • Manage IT Security Technology Roadmap
  • Provide IT Security Architecture oversight as part of data governance committee(s) and programs partnering with Enterprise Information Architect, Legal, and Information Security.
  • Security design reviews/assesses security implications for introduction of new or differing technologies
  • Advocates and champions of Enterprise Architecture concerns to project teams managed by their domain’s project portfolio

Bring your passion and expertise

Requirements:

  • Bachelor’s degree in Computer Science, Cybersecurity, or a related field or commensurate experience in Security Architecture
  • Relevant IT architecture, information security or cloud security certifications are strongly preferred
  • Strong understanding of IT, Information Security or business delivery frameworks, such as ISO 27001/27002, NIST Cybersecurity Framework 3.1 & 3.2, ITIL, PCI-DSS and COBIT 
  • Knowledge of Networking, Virtualization, Storage and Cloud Technologies including but not limited to secure implementation of: local area networks (LANs), wide area networks (WANs), virtual private networks (VPNs), wireless networks (Wi-Fi), switches, routers, firewalls, wireless access points and related security and network devices; Hypervisors, VMs and VDIs; Storage Area Networks (SAN), Network Attached Storage (NAS), CIFS, SMB and relevant security and replication technologies.
  • Excellent understanding of cloud security and experience with design and/or implementation of applications in the cloud; Understanding of cloud deployment models: Private Cloud, Public Cloud, Hybrid Cloud; Cloud service models: Infrastructure as a service (IaaS), Platform as a service (PaaS) and Software as a service (SaaS); implementation of relevant controls to ensure Confidentiality, Integrity and Availability of REI data.
  • Extensive knowledge of technical security controls and technologies (e.g. IDS, IPS, traditional, NextGen and Web Application Firewalls; Data Loss Prevention; Antivirus, Anti-malware and Zero Day technologies; Security Information and Event Management (SIEM); Access and Identify Management and Privileged User Management; Public Key Infrastructure and Certificate management).
  • Security concepts related to threat management, authorization and authentication, perimeter security controls, and security lifecycle methods/frameworks (e.g. Microsoft SDL and BSIMM) with specific knowledge for securing PCI and PII data
  • Ability to scope solution architectures to contribute to estimation activities
  • Ability to coach and mentor Solution Architects 
  • Ability to build solution architecture models using UML
  • Minimum of 8 years developing real world scaled solutions with knowledge of full application development lifecycle (SDLC) and methodologies; waterfall, agile and hybrid

Why you'll love it here

REI Information Technology is a team of creative and smart technologists who work in a collaborative environment to build business value through technology. And, we have the support of a great company to tackle some pretty dynamic challenges that will keep REI relevant for years to come. If you have a passion for the outdoors and want to be a part of innovating retail technology, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.