Job Description


Senior Security Engineer

Category:
Corporate Office
Location:
5501 Headquarters Dr
Plano Texas 75024
Job ID:
339731
Job Description:

This Senior security Engineer plays a key role in Rent-A-Center’s Identity portfolio across hybrid on-premises, multi-cloud and SaaS ecosystems. This role will be playing a senior engineer responsible for management of identities, authorization, and authentication services for Employees, contractors, partners, and customers along with Multi-Factor Authentication (MFA) and Privileged Access Management (PAM) solutions. The incumbent is passionate individual who is self-driven with an ability to translate complex requirements into working solutions with a security driven mindset.

 

 

JOB RESPONSIBILITIES

  • Work with a high level of independence to ensure that all on-premise and Cloud systems, applications, endpoints, and networks have appropriate and adequate security controls in place protecting Rent-A-Center data.
  • Provide leadership and security expertise to project design, development, testing, and deployment teams to ensure that all applications meet security requirements and are coded in a secure manner.
  • Design, develop, enhance, integration of Identity and Access Management solutions related to authentication, authorization, SSO, Directory services utilizing security protocols like SAML, OpenID and OAuth etc.
  • Plan, design and implement multi-factor authentication at an enterprise level across various applications
  • Design, configure, troubleshoot, and support PAM initiatives and solutions
  • Implement PAM platform customizations, enhancements, and modifications
  • Collaborate with various IT and business teams both internal and external to integrate applications for Single Sign-on, Identity federations and Multi-Factor Authentication (MFA)
  • Develop and implement Role Based Access Control Workflows
  • Have a keen eye for continuous improvement, automation to increase overall operational efficiency
  • Automate, code or script (Bash, PowerShell, RegEx and Python) as well as write SQL to query databases, when and where needed
  • Thoroughly understand RAC’s Information security policies and procedures and exercise best practices when implementing solutions
  • Serve as a subject matter expertise (SME) on IAM, PAM and MFA solutions
  • Provide Level of effort estimates and efforts for implementation, testing a solution
  • Ability to drive complex security projects involving various lines of businesses, work in a high-pressure environment
  • Document procedures and new enhancements
  • Coach other team members as necessary
  • Able to attain support and compliance with cyber security requirements & standards.
  • Research, recommend, and evaluate commercial information security products and services to determine which should be adopted by Rent-A-Center.
  • Support Cyber Security Architecture in design of a secure network infrastructure.

 

 

JOB REQUIREMENTS (Must Haves):

  • Bachelor's degree in Computer Science, Information Security, a related technical field or equivalent experience.
  • 5 or more years of experience on Identity Access Management, privileged access management, multi-factor authentication.
  • Design and implement SAML, OIDC/OAuth2 protocol-based solutions
  • Hands-on experience in design, development, implementation of authentication, authorization, and Single-Sign-On (SSO) requirements
  • Strong Understanding of LDAP Directory, Microsoft Active Directory
  • Strong Understanding of Multi-factor authentication technologies and implementation methodologies
  • 2 years working knowledge Cloud security (AWS – Azure) architecture, environment, and WAF experience.
  • Relevant experience as threat intelligence, incident response or similar role.
  • Proficient at data analysis from logs or security controls, such as firewalls, IPS/IDS, enterprise AV, network analyzers.
  • Able to lead investigations for forensic analysis to determine vectors of compromise as well as understand chain of attacks
  • Strong understanding of Azure/AWS cloud environment logging, monitoring and alerting native tools such as GuardDuty, CloudTrail, Cloud App Security.
  • Possess a deep knowledge of the Cyber Security Landscape for current and past malware methods, attack methodologies, and TTPs (Tactics, Techniques, and Procedures).
  • Good understanding of web applications and APIs as they relate to alerts or attack exposure.
  • Communicate with key groups (i.e. various lines of business and other technical teams) regarding potential threats and remediation efforts.
  • Communicate technical application security concepts to employees, including developers, architects, and managers.
  • Keep pace with emerging security threats, technologies, and systems.

 

JOB RECOMMENDED (Nice to Haves):

  •  Relevant technical certifications (CISSP, OSCP, GIAC, CCSP, CCNA).
  • Engineering and/or architecture experience with web applications, application stacks, web application firewalls, intrusion detection sensors, antimalware technologies, vulnerability scanning technologies, and APT prevention technologies.
  • Knowledgeable on cyber threats relative to the retail industry.
  • Experience in web application security testing and protection.
  • Understanding of Technology Platforms (Windows, Mac, Open Source, Middleware Applications, Database Applications, Cisco, Adobe).
  • Advanced Persistent Threats (APT), phishing and social engineering, network access controllers (NAC), gateway anti-malware and enhanced authentication.
  • 2 or more years of Web Application Firewall (WAF) experience.
  • Understanding of Web Application Firewalls (WAFs).
  • Experience creating analytical reports for Leadership on complex criminal activity.
  • Experience making effective presentations to all levels, including Senior Management.
  • IDS/IPS, penetration and vulnerability testing
  • Firewall and intrusion detection/prevention protocols
  • Secure coding practices, ethical hacking and threat modeling
  • Identity and access management principles
  • Application security and encryption technologies
  • Understanding of Azure/AWS cloud infrastructure and Server less components as they relate to security.
  • Proficiency in PowerShell or similar scripting language
  • Technical Writing and Reporting Skills – proficient in preparing security reports and excellent technical writing and reporting skills.
  • Possess soft skills: strong stress management, analytical, research, and problem-solving skills, able to work with minimal management, strong collaboration and interpersonal skills.

 

Not what you’re looking for?

Try a new search!