Senior Application Security Engineer


Posted Date: 02-25-2022
Job ID: 23434
Job Function: Information Technology
REI City: Seattle
REI State: Washington
REI Location: Seattle HQ
Remote Eligible: Yes
Please visit the Covid-19 Hiring Updates before applying
What's cool about this job

This position is responsible for maintaining the confidentiality, integrity and availability of information assets by owning and driving application security efforts across the organization. As a senior application security engineer, you will be responsible for evangelizing application security fundamentals and acting as a consultative partner with IT and other business teams to ensure our applications and codebase are as secure as possible. Models and acts in accordance with REI’s guiding values and mission.


  • Conducts security architecture assessments of the application stack, including testing, threat modeling, and code analysis, providing requirements and driving remediation of test findings before deployment
  • Develops tooling and automation to facilitate continual testing and increase coverage
  • Manages third-party bug bounty program, including verification of findings and driving remediation
  • Participates in security incident response activities
  • Ensures documentation for managed platforms/services is detailed, thorough, and kept current
  • Keeps current on the organization's business practices, technology, security issues and legislation that impact the company’s security policy
  • Makes recommendations to leadership on improvements to be made to existing security controls
  • Mentors junior engineers on the team
Bring your passion and expertise
  • BS or BA in Computer Science, Information Systems, Information Technology or a related field
  • 4+ years' experience with secure SDLC, threat modeling, and web application scanning techniques (SAST, DAST, IAST)
  • 3+ years' experience with at least two scripting/programming languages (JavaScript, C, Python, Go, Ruby, etc.)
  • 1+ year(s) of experience with deployment orchestration, automation, security configuration management, and managing vendor relationships
  • Knowledge of development/integration tools (example: CI/CD)
  • Strong software engineering experience in all phases of SDLC
  • Solid background in the technology of at least one modern cloud environment (AWS, Azure, GCP)
  • Experience with threat modeling (ASVS 4, MITRE ATT&CK, or other) - preferred
  • One or more security-related certifications (e.g., CISSP) - preferred

As required by applicable Pay Transparency laws, REI provides a range of minimum compensation for roles that may be hired in locations under these requirements. Your actual salary may be determined by a wide array of factors, including your specific skills and experience, geographic location or other relevant factors. The salary range for this position may be lower or higher in different markets.

The pay for this role is: $85,000 to $170,000 per year

At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoption assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

Posting Range: $85,000 to $170,000 per year

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.