Cyber Security Engineer at ShopRunner
We connect customers to the brands they love by way of a thriving marketplace and a members-only service that provides benefits across 140+ of the best online stores. Our members save time and money with benefits including free 2-day shipping, easy 2-click checkout, and free returns all while we help them stay up on the latest trends that appeal.
For merchants, we’re driving eCommerce business, producing insights with a growing data analytics practice to boot. With a powerful two-sided network and a robust data platform, we’re creating an eCommerce win-win, helping retailers compete. The landscape of retail is changing and we’re here to empower retailers to take their place in that exciting evolution.
We have people in offices around the world: Headquartered in Chicago, with offices in Conshohocken, PA (Philly area), New York, San Mateo and Krakow, Poland. We hustle to get things done, creating wins for customers, merchants and each other.
ABOUT THE ROLE:
As a Cyber Security Engineer at ShopRunner, you will be responsible for the design, build and enforcement of cyber security policy within the organization. You will be required to collaborate with multiple teams to understand our business landscape and data needs in order to build a robust security program and minimizes our risk and exposure. You will be responsible for implementing protections that prevent malicious or unwanted access to our systems as well as protecting sensitive information from leaving our environment. Additionally, you will be working closely with external resources, like our PCI-DSS assessor, to plan and implement vulnerability and penetration testing, security scanning, and other assessments and compliance artifacts required by our business.
This role will be primarily based in our Chicago, IL office with limited travel to our Conshoken and Krakow based offices.
WHAT YOU’LL DO:
- Build strong relationships with business and engineering peers in order to understand our environment
- Continuously develop a long term Cyber Security program that meets the changing needs of the business
- Work with IT and desktop support to ensure all controls and compliance are in place for end user assets
- Work with DevOps and other engineering teams to ensure our infrastructure platforms are secure and compliant
- Build monitoring and alerting for security events
- Set up proper security controls and standards for the entire organization
- Take a lead role on PCI and other external assessments required by the business
- Lead and develop security training for the organization
- Build and maintain proper data security policies and procedures
- Maintain and build a secure infrastructure platform within the AWS environment
- Support a 24x7 production environment
WHAT WE’RE LOOKING FOR:
- 5+ years of experience working in technology or similar field
- 3+ years of experience working in Cyber Security, IT Governance & Compliance, or similar field
- Strong background and experience with Linux and/or Windows systems administration
- Strong background working within the AWS environment
- Experience with desktop and corporate IT technologies
- Experience with PCI and other compliance assessments / audits
- Working knowledge of penetration and vulnerability scanning and remediation
- Background designing, implementing and securing single-sign-on and other directory services
- Experience with programming languages like Ruby, Python, Java, and PHP
We want you to bring your whole human self to work every single day. We accept you for who you are and consider everyone on an equal opportunity basis without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.