Principal Cybersecurity Engineer

About The Position

Requirements

• BS or BA in Computer Science, Information Systems, Information Technology or a related field or equivalent experience.
• 7+ years of hands-on engineering experience across multiple security domains, managing and executing the planning, deployment, tuning, troubleshooting and maintenance phases.
• 1+ years’ experience with designing and implementing guardrails to protect AI models, workflows and agentic systems (RAG pipelines, AI Identity, threat modeling, etc.).
• 2+ years consulting cross-functional technology and business teams to design and architect secure solutions meeting Cybersecurity compliance policies and standards.
• 5+ years’ professional experience in cloud-based or online services security engineering, or service engineering.
• 2+ years’ experience developing strategic security capability roadmaps aligned to cross-functional IT and business teams and 2-4 year industry trends.
• Strong written and oral communication skills; can effectively communicate technical concepts.
• 2+ years’ experience managing vendor relationships.
• Experience with threat modeling (ASVS 4, MITRE ATT&CK, or other).
• Good working understanding of governance, risk, and compliance principals and frameworks as well.
• Understanding of privacy operations including data mapping, data subject rights, data protection laws, etc.
• Actively participates and collaborates with others on one's own team and across REI for the achievement of business goals.
• Flexible in one's viewpoints and positions in order to support the direction taken by others at REI.
• Uses business knowledge, innovative thinking, and sound judgment in the solution of problems or the pursuit of business opportunities.
• Consolidates information from various sources including feedback from others to reach sound decisions.
• Considers the ultimate impact of decisions and actions on internal and external customers.
• Works smart by setting effective work goals, establishing priorities, and planning well in order to produce quality work.
• Executes effectively by using resources efficiently, meeting deadlines, and keeping others informed of work plans and progress toward goals.
• Clearly conveys and accurately receives information by a variety of methods and in various situations.
• Builds rapport different people inside and outside the organization.
• Acts upon opportunities and involves and influences others in the accomplishment of worthwhile organizational goals.
• Challenges the status quo, champions change and influences others to change.

Nice To Haves

• Strong understanding of AI and data governance concepts, technology risk frameworks, audit and issue management practices, and regulatory expectations related to emerging technologies and responsible AI adoption.
• Strong expertise in securing generative and agentic AI enterprise use cases.
• 2+ years’ experience in team goal setting, providing direction, mentorship, process improvement, team building, and engineering development.
• 1+ years’ experience with at least one scripting or programming language (Python, Go, Ruby, etc.).
• 1+ years’ experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, CloudFormation, Terraform, Ansible).
• Current holder of at least one recognized security-relevant certification (i.e., CISSP).

Responsibilities

• Defining and documenting recommended cybersecurity technology direction.
• Running point on new innovations for Cybersecurity (POCs).
• Presenting to senior leadership on business value for technology selection.
• Architecting secure, scalable enterprise patterns across AWS, Azure, GCP, and hybrid platforms.
• Keeping up with industry changes in their domain and helping to lead POC’s on new technology being considered for the domain.
• Guiding the team through deployments, ensuring that security is applied to the technology platforms and information within the organization in accordance with established standards and policies with reliability and resiliency kept top-of-mind.
• Assisting with Cybersecurity Architecture duties (shape cross-functional solution architectures to Cybersecurity policies and standards).
• Providing deep technical direction for development, planning and implementation of a variety of Cybersecurity platforms including SIEMs, IDS/IPS, firewalls, WAFs, anti-malware, EDR, Encryption/HSMs, DDOS services, configuration management, vulnerability scanning, penetration testing, PKI, CASB, DLP, SSO, and more.
• Staying close to the security industry on leading security architecture, design, and best practices by developing and fostering relationships across industry (vendors, peers, academia, etc.).
• Maintaining a 2-3 year industry trend understanding.
• Developing detailed threat models and articulating security concerns to technical and non-technical stakeholders alike.
• Translating businesses needs into workable technology solutions.
• Anticipating and solving complex security challenges with cost effective, robust, and scalable technologies aligned with industry-best.
• Developing and evangelizing patterns for resilient security platforms/services with strong monitoring and alerting and encouraging automation for operational processes and orchestrating workflows.
• Partnering with engineering, program management and operations personnel within the service delivery organization to implement changes to process and technology.
• Partnering with Security Architecture to ensure platform goals and security solutions are designed to meet business strategy and needs.
• Owning platform and security capability roadmaps for entire security organization.
• Analyzing threats and current security controls to identify gaps in current defensive posture.
• Keeping current on organization's business practice, technology, security issues and legislation that impact the company’s security policy.
• Presenting strategic security goals and vision to senior leadership and helping lead security initiatives to completion.

Benefits

• Generous employee discount
• Access to health benefits
• Retirement savings plan
• Accrued time off