Senior Information Security Engineer


Posted Date
Job ID
Job Function
Information Technology
REI City
REI State
REI Location
Seattle HQ
Remote Eligible
Please visit the Covid-19 Hiring Updates before applying
What's cool about this job

REI is committed to becoming a fully inclusive, antiracist, multicultural organization. To fulfill our brand promise of enabling a life well-lived outside for everyone, we are seeking candidates who demonstrate shared values of diversity, equity, inclusion, and antiracism.

At the Co-op, our goal is to lower the barrier to the outdoors by making an outdoor lifestyle relatable, accessible, and meaningful to all people. REI’s membership program is foundational to the Co-op and this work. At REI Co-op, we believe that a life outdoors is a life well lived. As an employee of REI, you will have the opportunity to shape what it means to be a Co-op Member. REI is more than an outdoor retailer – our members engage with us in experiences, content and community, advocacy and more. 

As a Sr. Info Security Engineer, you will be responsible for maintaining the confidentiality, integrity, and availability of information assets by assisting in the design, development and deployment of a broad spectrum of security services. As a senior information security engineer, you will partner with architects, business, and IT teams to ensure that security is applied to the technology platforms and information within the organization in accordance with established standards and policies. Models and acts in accordance with REI’s guiding values and mission.

In this role:

  • Own the development, planning and implementation of a variety of platforms including SEIMs, IDS/IPS, firewalls, WAFs, anti-malware, EDR, Encryption/HSMs, DDOS services, configuration management, vulnerability scanning, penetration testing, PKI, CASB, DLP, and more.
  • Focuses on network security technologies (NGFW, WAF, NAC, remote access, SWG, DLP, CASB, IPS/IDS) and/or cloud security (securing public/private cloud resources, DevSecOps pipelines, IaaC, CSPM, etc).
  • Mentors junior engineers on the team.
  • Builds resilient security platforms/services with strong monitoring and alerting and encouraging automation for operational processes and orchestrating workflows
  • Participates in the creation of roadmaps for current security capabilities
  • Partners with engineering, program management and operations personnel within the service delivery organization to implement changes to process and technology.
  • Analyzes threats and current security controls to identify gaps in current defensive posture.
  • Partners with Security Architecture to ensure platform goals and security solutions are designed to meet business strategy and needs
  • Helps develop communications and actively promote related campaigns for information security awareness.
  • Participates in rotating after hours on-call schedule
  • Keeps current on organization's business practice, technology, security issues and legislation that impact the company’s security policy.
Bring your passion and expertise
  • 3+ years’ professional experience in cloud-based or online services security engineering, or service engineering.
  • Expert-level working knowledge and deep understanding of cybersecurity as it relates to cloud implemented and cloud native technologies, DevSecOps pipelines, IaaC, and securing public and private cloud resources
  • Hands-on experience with endpoint security technologies (private remote access, secure web gateway, DLP, CASB etc.) and network security technologies (IPS/IDS, NGFW, WAF, NAC, etc.)
  • Experience with one or more major cloud service provider (Azure, AWS, GCP).
  • Hands on experience with securing public/private cloud resources, DevSecOps pipelines, IaaC, and cloud security posture management. 
  • 1+ years’ experience with at least one scripting or programming language (Python, Go, Ruby, etc.)
  • Expert-level working knowledge and deep understanding of cybersecurity in at least two or more of the following disciplines: Active Directory, public key infrastructure, encryption, DLP, endpoint security, penetration testing, application security, or cloud security
As required by applicable Pay Transparency laws, REI provides a range of minimum compensation for roles that may be hired in locations under these requirements. Factors that may be used to determine your actual salary may include a wide array of factors, including: your specific skills and experience, geographic location or other relevant factors. The salary range for this position may be lower or higher in different markets.

The pay for this role is: $85,000 to $170,000 per year  
At REI we offer an enviable work environment that Fortune Magazine has recognized on the "100 Best Places to Work" list since the award's inception – 23 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 160 retail locations (and growing), REI offers unique competitive benefits to its more than 15,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

Posting Range
$85,000 to $170,000 per year
ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.