Senior Security Engineer

Posted Date: Apr-24-2019

Job ID: 14048

Job Type: Full Time

Job Function: Information Technology

City: Bellevue

State: Washington

Store: Eastgate Headquarters

What's cool about this job

This job contributes to REI’s success by maintaining the confidentiality, integrity and availability of information assets by becoming a great operator of our security tools, services, dashboards; and assisting the SER SOC and Blue Team in protecting our Ecommerce and cloud assets.

  • Leads the design and implementation of workflows, procedures, and data collection points for security services
  • Leads the design and implementation, hand-off of operations for security tools, managed security services and vulnerability management
  • Leads the design and implementation of an adaptive and advanced threat identification and remediation programs
  • Documents and tracks security defects from discovery to remediation
  • Maintains relevancy by researching modern attacker tactics, tools, procedures, and exploits (TTPE)
  • Actively engages cross-divisional teams and builds relationships with key contributors/communicators to effectively execute the Security Engineering goals
  • Monitors security vulnerability sources, threat intelligence reports, advancements in security tools/services and technology to insure the Security Shared Services (Blue Team) accommodates future efforts
  • Works on highly complex tasks or project assignments to analyze, design, develop, implement, document and maintain security systems and solutions
  • Ensures security technologies align with overall strategic plan; minimizing redundancy while maximizing effectiveness
  • Creates security escalation procedures and responds to escalated events
  • Implements all changes to security infrastructure in accordance with standard procedures and change control policies and procedures 
  • Mentors other security engineers and analysts on security best practices

Bring your passion and expertise

  • Bachelor’s degree in computer science, math, or engineering, or equivalent training and experience
  • 7+ years related experience or equivalent industry knowledge
  • Experience must be supported by relevant certification, such as, CISSP, GIAC, other SANS certifications, CSA CCSK, etc.
  • 4+ years experience developing and maintaining a vulnerability management, or application security scanning focused program
  • Experience in the following:
    • Web Application Firewalls (WAF)
    • Cloud endpoint security, container security
    • Secure Development Lifecycle – code anlyzers
    • Application security – Ecommerce, mobile and cloud
    • Threat modeling – development groups
  • Experience with ServiceNow, Jira and Confluence integrations
  • Knowledge of Microsoft Active Directory operation and structure
  • Engineering level experience with Operating Systems, cloud machine instances, VMWare, Windows Server and Linux
  • Able to explain advanced and complicated exploits or attack methods to both non-technical, engineering, and development staff
  • Solid networking experience and understanding of network architecture and protocols
  • Understanding of Network Security, Environment segregation, Firewall design, VPN and access control
  • Experience with file integrity and host hardening techniques and resources
  • Host and System Log aggregation, correlation and compromise detection
  • Extensive experience in managing and leveraging security incident and event management (SIEM) systems. This includes understanding logging
  • Ability to participate in on-call rotation for 24x7 service requirement
  • Ability to create executive reports
  • A desire to take on new challenges and learn other security tools like CASB, EDR, DLP, KMS, etc
  • Actively participates and collaborates with others on one's own team and across REI for the achievement of business goals

Why you'll love it here

REI Information Technology is a team of creative and smart technologists who work in a collaborative environment to build business value through technology. And, we have the support of a great company to tackle some pretty dynamic challenges that will keep REI relevant for years to come. If you have a passion for the outdoors and want to be a part of innovating retail technology, this job is for you.

At REI we offer an enviable work environment that has been recognized on the "100 Best Companies to Work For" list since the award's inception – 22 years in a row! Sure, we work hard, but it’s balanced with time off to play—a strategy that works for us as we continue to grow and thrive. Want to enjoy a workplace where you can be yourself, be heard and be respected while having a job that challenges you? This is the place.

With more than 150 retail locations (and growing), REI offers unique competitive benefits to its more than 13,000 employees, including healthcare, gear and apparel discounts, free equipment rentals and challenge grants to help employees reach personal outdoor goals, generous retirement plan contributions, public transit subsidy, adoptions assistance, paid sabbaticals, and more.

REI is an Equal Opportunity Employer

ARTICLE 23-A, Section 753

§753. Factors to be considered concerning a previous criminal conviction; presumption.

1. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall consider the following factors:

(a) The public policy of this state, as expressed in this act, to encourage the licensure and employment of persons previously convicted of one or more criminal offenses.

(b) The specific duties and responsibilities necessarily related to the license or employment sought or held by the person.

(c) The bearing, if any, the criminal offense or offenses for which the person was previously convicted will have on his fitness or ability to perform one or more such duties or responsibilities.

(d) The time which has elapsed since the occurrence of the criminal offense or offenses.

(e) The age of the person at the time of occurrence of the criminal offense or offenses.

(f) The seriousness of the offense or offenses.

(g) Any information produced by the person, or produced on his behalf, in regard to his rehabilitation and good conduct.

(h) The legitimate interest of the public agency or private employer in protecting property, and the safety and welfare of specific individuals or the general public.

2. In making a determination pursuant to section seven hundred fifty-two of this chapter, the public agency or private employer shall also give consideration to a certificate of relief from disabilities or a certificate of good conduct issued to the applicant, which certificate shall create a presumption of rehabilitation in regard to the offense or offenses specified therein.