Cybersecurity Risk Analyst - Bellevue

Posted Date: Nov- 2-2018

Job ID: 12294

Job Type: Full Time

Job Function: Legal

City: Bellevue

State: Washington

Store: Eastgate Headquarters


What's cool about this job

As the Cybersecurity Risk Analyst, you will be in charge of conducting threat analysis related to projects, evolving lines of business, and in response to ad hoc requests. You will need to understand the tactics, techniques and methods of the newest advanced threats relevant to REI, including those presented by cybersecurity criminals, advanced persistent threats (APT), hactivists, insiders, or other nefarious actors. You will conduct Threat Assessments and analysis of threats within the context of the Co-op’s cyber landscape, assess the level of cybersecurity risk, and recommend appropriate mitigation countermeasures. You will collect, process, analyze, and disseminate cyber threat assessments, and maintain an updated risk registry tracking threats and threat countermeasures for the organization. The position will require working in a collaborative environment to help lower cybersecurity risk across the Co-op. The Cybersecurity Risk Analyst will work with Privacy, Compliance, Third-Party, Business Owners, and their IT Partners as part of an internal service model that allows the business to track, manage, and mitigate key information security risks and maintain alignment with the Co-op’s overall cybersecurity threat management strategy. This is not an operational security role.

  • Perform cyber defense and cyber threat trend analysis as part of a cross-functional security and privacy risk management team.
  • Perform Threat Assessments as a part of the Enterprise Security Risk Assessment process.
  • Create and maintain appropriate documentation and artifacts for security, risk management, compliance, and business audiences.
  • Track and update security risks as part of a comprehensive information security risk management program (e.g., threat, vulnerability, and probability of occurrence).
  • Cull data from a variety of cyber defense tools (e.g., IDS alerts, firewalls, network traffic logs) to analyze the Co-op’s digital footprint and identify trends for the purpose of mitigating enterprise-level threats.
  • Clearly and articulately communicate the value of information security throughout all levels of the organization.
  • Develop threat models based on interviews and requirements from internal business owners.
  • Assess effectiveness of cybersecurity designs for systems and networks with multilevel security requirements or requirements for the processing of multiple levels of data.
  • Develop cybersecurity countermeasures and risk mitigation strategies for complex and interrelated systems.
  • Document and address organization's information security, cybersecurity architecture, and systems security requirements throughout the technology acquisition life cycle.
  • Draft statements of preliminary or residual security risks for system operations

Bring your passion and expertise

  • Bachelor’s degree in computer science, math, or engineering, or 5+ years training and experience in the cybersecurity field.
  • Certificates in key cybersecurity areas of defense (i.e. GSEC, GISF, GMON and/or GCCC).
  • Experience in security risk management, analysis and/or compliance.
  • Functional understanding of computer networking activity concepts and protocols, and network security methodologies.
  • Functional understanding of network protocols such as TCP/IP, Dynamic Host Configuration, DNS, and directory services.
  • Experience and background in network design processes, to include understanding of security objectives, operational objectives, and trade-offs.
  • Skilled in assessing security controls based on cybersecurity principles and tenets.
  • Skilled in collecting data from a variety of cyber defense resources.
  • Skilled in evaluating the adequacy of security designs.
  • Skilled in both written and verbal communications to technical and non-technical stakeholder audience

Why you'll love it here

We’re a passionate community of people who believe in one simple truth: an outdoor life is a life well-lived. REI is a co-op, born in the mountains of the Pacific Northwest in 1938. We’re here to help our over 6 million active members have amazing experiences outside—and do the same ourselves. Bring your creativity, customer focus and enthusiasm for living life outdoors—we can’t wait to meet you!

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 20 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 140 retail locations (and growing), REI offers unique competitive benefits to its more than 12,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.