Senior Information Security Analyst

Posted Date: Aug- 8-2017

Job ID: 8523

Job Type: Full Time

Job Function: Legal

City: Kent

State: Washington

What's cool about this job

The Senior Information Security Analyst contributes to REI’s success by assisting the business by identifying and analyzing information security risks to the Co-op. The job is responsible for gathering and documenting vulnerabilities and risks, analyzing data, providing metric and recommendations, as well as collaborating with other teams. Models and acts in accordance with REI’s guiding values and mission.

  • Documents and analyzes existing or ‘as-is’ processes. Designs new or ‘to-be’ business processes Information Security as needed.
  • Develops and communicates security procedures and guidelines to users and vendors.
  • Leads risk based and security analysis to administer and maintain, proactively identify issues/gaps and lead initiatives to improve overall Information Security function, ensuring access rights are maintained and risks remains low in changing business requirements and changing risk and threat landscape.
  • Monitors changes to information security overall and proactively identifies the need for changes to existing policies and procedures based on changes to the risk landscape.
  • Ensures compliance with all applicable internal and external Information Security requirements through coordination of internal and external resources.
  • Proactively identifies and leads to resolution issues/gaps and redundant procedures based on changing business requirements and changing risk and threat landscape.
  • Demonstrates awareness of all information security trends, vulnerabilities, including and especially those influencing the retail and E-commerce industry.
  • Reviews the development, testing and implementation of security plans, products and control techniques. Consults with client and development area management and staff in the design and implementation of new or modified information security processes.
  • Researches and understands various new and existing vulnerabilities and developing effective mechanisms to detect and prevent them.
  • Analyzes different Web Security Threats and suggests coding mitigation.
  • Participates in the creation of enterprise security documents (policies, standards, guidelines, etc.)

Bring your passion and expertise


  • Bachelor’s degree in computer science, math, or engineering, or equivalent training and experience preferred.
  • 5+ years related experience or equivalent industry knowledge.
  • 3+ years related to assessing vulnerabilities and security control gaps.
  • Experience assessing and reporting security control effectiveness.
  • Hands on experience with respect to OWASP top 10 standards, assessments and vulnerability remediation steps.
  • 4+ years related experience assessing web, mobile and other infrastructure technologies for vulnerabilities.
  • 4+ years related experience manually detecting various web based security vulnerabilities, such as SQL Injection, Cross Site Scripting (XSS), CSRF and Session Hijacking.
  • 2+ years related experience leading threat modeling exercises across various application and technology platforms.
  • Hands on experience assessing he effectives of threat management technologies, such as application firewalls, email security, web content security, etc.
  • 4+ years related experience designing and managing vulnerability identification technologies.
  • 3+ years related experience on the following:
    • Antivirus, Spam and Malware Tools
    • Incident response practices and procedures
    • Application firewall management
    • Vulnerability assessment practices and related technologies
    • Penetration testing ability and knowledge
    • Security Incident Forensics Practices and Procedures

Why you'll love it here

REI’s Information Security Program is one of the most highly sought teams to join at REI.  We are a highly collaborative group that leverages advanced technologies to do their jobs.  And, we have the support and confidence of REI’s leadership team to take on and mitigate cyber security threats.  If you have a passion for outdoors, and want to be part of a dynamic and innovating cyber security program, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.