Senior Application Security Engineer - Careers

Posted Date

02-25-2022

Job ID

23434

Job Function

Information Technology

REI City

Seattle

REI State

Washington

REI Location

Seattle HQ

Remote Eligible

Yes

Please visit the Covid-19 Hiring Updates before applying

What's cool about this job

This position is responsible for maintaining the confidentiality, integrity and availability of information assets by owning and driving application security efforts across the organization. As a senior application security engineer, you will be responsible for evangelizing application security fundamentals and acting as a consultative partner with IT and other business teams to ensure applications and our codebase is as secure as possible. Models and acts in accordance with REI’s guiding values and mission.

Conducts security architecture assessments of the application stack including testing, threat modeling, code analysis providing requirements and driving remediation of test findings before deployment
Develops tooling and automation to facilitate continual testing and increase coverage
Conducts security architecture assessments of the application stack including testing, threat modeling, code analysis providing requirements and driving remediation of test findings before deployment
Manages third-party bug bounty program including verification of findings and driving remediation.
Participates in security incident response activities.
Ensures documentation for managed platforms/services are detailed, thorough, and kept current
Keeps current on organization's business practice, technology, security issues and legislation that impact the
company’s security policy.
Makes recommendations to leadership on improvements to be made to existing security controls
Mentors junior engineers on the team

Bring your passion and expertise

BS or BA in Computer Science, Information Systems, Information Technology or a related field
4+ years' experience with secure SDLC, threat modeling, and web application scanning techniques (SAST, DAST, IAST)
3+ years' experience with at least two scripting/programming languages (Javascript, C, Python, Go, Ruby, etc.)
1+ year(s) of experience with deployment orchestration, automation, security configuration management, and managing vendor relationships
Knowledge of development/integration tools (example: CI/CD)
Strong software engineering experience in all phases of SDLC
Solid background in the technology of at least one modern cloud environment (AWS, Azure, GCP)
Experience with threat modeling (ASVS 4, MITRE ATT&CK, or other) - preferred
One or more security related certifications (i.e. CISSP) - preferred

#LI-MM2

As required by applicable Pay Transparency laws, REI provides a range of minimum compensation for roles that may be hired in locations under these requirements. Factors that may be used to determine your actual salary may include a wide array of factors, including: your specific skills and experience, geographic location or other relevant factors. The salary range for this position may be lower or higher in different markets.

The pay for this role is: $85,000 to $170,000 per year

At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

Posting Range

$85,000 to $170,000 per year