This position is responsible for the security of company’s computer systems and networks both on-premise and cloud. This is a highly collaborative role involving frequent interactions with the business teams, IT teams and rest of the security team members. This position is responsible for implementing new security tools, enhancement to existing security toolset to meet business, security policy, technical, operational and management requirements.
- Work with a high level of independence to ensure that all on-premise and Cloud systems, applications, endpoints, and networks have appropriate and adequate security controls in place protecting Rent-A-Center data.
- Provide leadership and security expertise to project design, development, testing, and deployment teams to ensure that all applications meet security requirements and are coded in a secure manner.
- Able to attain support and compliance with cyber security requirements & standards.
- Serve as a senior technical lead/technical subject matter expert on the Incident Response Team in responding to various Cloud and on-premise security incidents.
- Research, recommend, and evaluate commercial information security products and services to determine which should be adopted by Rent-A-Center.
- Assume leadership roles in the development of detailed proposals and plans for new Cloud cyber security systems that would reduce operational risk.
- Identify and determine causes of security violations and verify/assist in the corrective actions to ensure data and application security.
- Interact with internal and external auditors as needed to ensure regulatory and policy compliance.
- Constantly monitor systems to identify threats and vulnerability, execute security architecture, and ensure there are no external threats. Ensure new system builds entail appropriate security packages, tools, logging and monitoring applications are configured properly.
- Assess the security posture, develop risk profiles, specify security requirements, and identify mitigation measures to safeguard public facing Web applications.
- Support Cyber Security Architecture team in design of a secure network infrastructure.
JOB REQUIREMENTS (Must Haves):
- Bachelor's degree in Computer Science, Information Security, a related technical field or equivalent experience.
- 5 or more years of cyber security engineering, administration, and cyber threat research/analysis experience.
- 2 or more years of Web Application Firewall (WAF) experience.
- 2 years working knowledge Cloud security (AWS – Azure) architecture, environment, and WAF experience.
- 2 years Active Directory working experience, AD integration, AD trust relationships, AD security.
- Relevant experience as threat intelligence, incident response or similar role.
- Strong understanding of malware and network attack vectors.
- Proficient at data analysis from logs or security controls, such as firewalls, IPS/IDS, enterprise AV, network analyzers.
- Able to lead investigations for forensic analysis to determine vectors of compromise as well as understand chain of attacks
- Strong understanding of Azure/AWS cloud environment logging, monitoring and alerting native tools such as GuardDuty, CloudTrail, Cloud App Security.
- Possess a deep knowledge of the Cyber Security Landscape for current and past malware methods, attack methodologies, and TTPs (Tactics, Techniques, and Procedures).
- Good understanding of web applications and APIs as they relate to alerts or attack exposure.
- Strong understanding of Web Application Firewalls (WAFs).
- Communicate with key groups (i.e. various lines of business and other technical teams) regarding potential threats and remediation efforts.
- Communicate technical application security concepts to employees, including developers, architects, and managers.
- Keep pace with emerging security threats, technologies, and systems.
- Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication.
JOB RECOMMENDED (Nice to Haves):
- Relevant technical certifications (CISSP, OSCP, GIAC, CCSP, CCNA).
- Engineering and/or architecture experience with web applications, application stacks, web application firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and APT prevention technologies.
- Knowledgeable on cyber threats relative to the retail industry.
- Experience in web application security testing and protection.
- Understanding of Technology Platforms (Windows, Mac, Open Source, Middleware Applications, Database Applications, Cisco, Adobe).
- Experience creating analytical reports for Leadership on complex criminal activity.
- Experience making effective presentations to all levels, including Senior Management.
- IDS/IPS, penetration and vulnerability testing
- Firewall and intrusion detection/prevention protocols
Throughout the COVID pandemic, we have remained unwavering in terms of our commitment to the health of our coworkers and customers. To further maintain a safe work environment, new coworkers should be vaccinated by their start date. RAC is an equal opportunity employer, and will provide reasonable accommodation to those unable to be vaccinated where it is not an undue hardship to the company to do so as provided under federal, state, and local law.