Senior Security Engineer – Identity and Access Management

Posted Date: May-22-2019

Job ID: 14399

Job Type: Full Time

Job Function: Information Technology

City: Bellevue

State: Washington

Store: Eastgate Headquarters


What's cool about this job

As a Senior Security Engineer – Identity and Access Management, you’ll help improve the Co-op’s IAM program, bringing your ideas to the forefront of the overall REI security landscape. You will demonstrate IAM thought leadership as you collaborate with security architects and engineers, and other technical and business partners. 

  • Participates in EmpowerID migration to Saviynt IGA platform
  • Saviynt IGA platform management – helps drive application integrations, RBAC and ABAC configurations, role mining and engineering, kickoff access re-certifications, SoD policy development
  • Demonstrates operational excellence including support, following standard configuration and change management processes and practices
  • Helps manage environments like PAM/CyberArk, Active Directory and ADFS, and Duo MFA
  • Collaborates with team members to successfully evaluate, design, build, and run IAM tools that provide value to the business 
  • Develops metrics that demonstrate current IAM risk state, indicators of progress, and business alignment for those activities 
  • Analyzes and helps fix identity-related issues like ILM/Identity Lifecycle Management gaps 
  • Works in active partnership with development teams during operational security reviews providing leadership and security design guidance 
  • Participates in on-call rotations that respond to operational or security issues associated with IAM tools
  • Creates “just enough” documentation for others to easily use 

Bring your passion and expertise

  • 7+ years IT experience with minimum of 5+ years of relevant experience
  • IAM enthusiast – able to demonstrate IAM thought leadership aligned with security initiatives 
  • Expert knowledge of AuthN, AuthZ, industry best practices and security principles for directory services and Identity and Access Management
  • Detail-oriented with a deep appreciation for thorough testing and validation 
  • Looks everywhere for automation opportunities and drives to solution 
  • Proven track record delivering multiple parallel projects in different phases at the same time
  • Solid understanding of security frameworks such as NIST, ISO and COBIT, and able to engineer to meet framework requirements
  • Has skills in several of these areas: 
    • Identity Governance Administration: Saviynt, Sailpoint, Oracle Identity Manager, CA Identity Manager 
    • Report and summarize database data: SQL, Excel 
    • Automation: PowerShell or JAVA
    • SSO/ Single-Sign-On tools: ADFS, OKTA, PingAccess, PingFederate
    • Integration experience with SAML
    • Integration experience with Multi Factor Authentication
    • User directories: LDAP and Active Directory
    • Privileged Access Management: CyberArk, Thycotic, BeyondTrust
    • Monitoring: Splunk, APM tools such as Dynatrace

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 22 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 150 retail locations (and growing), REI offers unique competitive benefits to its more than 13,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

NEW YORK CORRECTION LAW
ARTICLE 23-A, Section 753
LICENSURE AND EMPLOYMENT OF PERSONS PREVIOUSLY CONVICTED OF ONE OR MORE CRIMINAL OFFENSES

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.