Information Security Engineer
At ShopRunner, our mission is to help retailers thrive by sparking and deepening connections between shoppers and the brands they love.
Our 4.4M members receive exclusive benefits such as free 2-day shipping, free returns, 2-click checkout and special promotions across our network of 140+ retailers. Our retailers enjoy the power of cross-retailer network effects in the form of new customers and increased purchase frequency.
With people in offices in Chicago and Conshohocken, PA, we’re perpetrators of good vibes and great experiences for our customers, our merchants and each other.
ABOUT THE ROLE:
As an Information Security (InfoSec) Engineer at ShopRunner, you will be responsible for the design, build and implementation of security policy for the organization. You will be required to collaborate with multiple teams to understand our business landscape and data needs in order to build a robust security program and minimizes our risk and exposure. You will be responsible for implementing protections that prevent malicious or unwanted access to our systems as well as protecting sensitive information from leaving our environment. Additionally, you will be working closely with external resources to plan and implement vulnerability and penetration testing, security scanning, and other assessments and audits required by our business.
This role will be primarily based in our Chicago, IL office with limited travel to our Conshoken based office.
ABOUT WHAT YOU’LL DO:
- Build strong relationships with business and engineering peers in order to understand our environment
- Continuously develop a long term InfoSec program that meets the changing needs of the business
- Work with IT and desktop support to ensure all controls and compliance are in place for end user assets
- Work with DevOps and other engineering teams to ensure our infrastructure platforms are secure and compliant
- Build monitoring and alerting for security events
- Set up proper security controls and standards for the entire organization
- Take a lead role on PCI and other external assessments required by the business
- Lead and develop security training for the organization
- Build and maintain proper data security policies and procedures
- Maintain and build a secure infrastructure platform within the AWS environment
- Support a 24x7 production environment
ABOUT WHAT WE’RE LOOKING FOR:
- 5+ years of experience working in technology or similar field
- 3+ years of experience working in information security or similar field
- Strong background and experience with Linux and/or Windows systems administration
- Strong background working within the AWS environment
- Experience with desktop and corporate IT technologies
- Experience with PCI and other compliance assessments / audits
- Working knowledge of penetration and vulnerability scanning and remediation
- Background designing, implementing and securing single-sign-on and other directory services
- Experience with programming languages like Ruby, Python, Java, and PHP