Information Security Incident Response Manager

Posted Date: Jul-25-2017

Job ID: 8307

Job Type: Full Time

Job Function: Legal

City: Kent

State: Washington

What's cool about this job

Do you have experience building and leading Cyber Incident Response Teams? Do you also enjoy working in a fast passed retail environment driven by the most advanced security and business delivery technologies?  If you said yes to each of the questions above, then we have an opportunity for you.  We are seeking a permanent full time position within our Enterprise Information Security team.  You will be responsible for managing a team at our main campus, as well as multiple contracted services.

As the Incident Response Manager, your primary responsibilities would include driving organizational response to major incidents, developing a team of highly motivated cyber threat engineers and engaging internal and external teams to quickly restore services. This role is responsible for system and behavior monitoring, incident identification and escalation, resource engagement, stakeholder communication, and documentation of process metrics and performance.  You will also be asked to help co-develop the strategic direction of these programs.  You will have the opportunity to work on highly visible projects that have large impacts on our employees, critical technologies and Co-op sustainability.

  • Participates in the development and management of advanced (retail) threat modeling activities
  • Develops procedures for incident triage and management, metric and measure creation, management, dashboards, administration of monitoring tools, and communication process 
  • Owns incidents across the organization, escalates and facilitates response as needed to ensure that service operations are restored as quickly as possible 
  • Ensure strong, clear and effective communication across all stakeholders 
  • Documents recurring problems, drives root cause analysis, and champions problem resolution 
  • Collects incident response metrics and recommends process improvement measures to drive efficiencies and effectiveness in responding to issues 
  • Completes ad-hoc and ongoing projects on an as-needed basis
  • Stays current on legal guidelines for properly managing cyber and data privacy incidents

Bring your passion and expertise


  • 5+ years of cyber security experience in a technical operational role, preferably with direct experience in incident management
  • SANS GCIH, GCED, CEH or other industry-relevant cyber-security certifications are a plus
  • Must be able to articulate and be persuasive communicating security-related concepts to a broad range of technical and non-technical staff
  • In-depth knowledge of current and probably threats against the retail sector
  • Technical understanding of a variety of OS and technologies (ex: Windows, Unix, virtualization, cloud computing, database technologies, networks and back-end infrastructure)
  • Demonstrated experience leveraging Splunk or similar log-based SEIMs
  • Demonstrated ability to understand and lead cyber forensics activities
  • Demonstrated understanding of threats, security controls and related technologies and products
  • Demonstrated ability to analyze incidents and threats, to pinpoint security control failures or gaps
  • Ability to quickly analyze large amounts of information and formulate action plans based on that analysis
  • Demonstrated design to acquire and maintain relevant incident response training
  • Ability to shift traditional information security incident response procedures to cover a mobilized workforce utilizing cloud-based services

Why you'll love it here

REI’s Enterprise Information Security Program is one of the most highly sought teams to join at REI.  We are a highly collaborative group that leverages advanced technologies to do their jobs.  And, we have the support and confidence of REI’s leadership team to take on and mitigate cyber security threats.  If you have a passion for outdoors, and want to be part of a dynamic and innovating cyber security program, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.