We connect customers to the brands they love by way of a thriving marketplace and a members-only service that provides benefits across 140+ of the best online stores. Our members save time and money with benefits including free 2-day shipping, easy 2-click checkout, and free returns all while we help them stay up on the latest trends that appeal.
For merchants, we're driving eCommerce business, producing insights with a growing data analytics practice to boot. With a powerful two-sided network and a robust data platform, we're creating an eCommerce win-win, helping retailers compete. The landscape of retail is changing and we're here to empower retailers to take their place in that exciting evolution.
We have people in offices around the world: Headquartered in Chicago, with offices in Conshohocken, PA (Philly area), New York, San Mateo and Krakow, Poland. We hustle to get things done, creating wins for customers, merchants and each other.
ABOUT THE ROLE:
As a Cyber Security Engineer at ShopRunner, you will be responsible for the design, build and enforcement of cyber security policy within the organization. You will be required to collaborate with multiple teams to understand our business landscape and data needs in order to build a robust security program and minimizes our risk and exposure. You will be responsible for implementing protections that prevent malicious or unwanted access to our systems as well as protecting sensitive information from leaving our environment. Additionally, you will be working closely with external resources, like our PCI-DSS assessor, to plan and implement vulnerability and penetration testing, security scanning, and other assessments and compliance artifacts required by our business.
This role will be primarily based in our Chicago, IL office with limited travel to our Conshoken and Krakow based offices.
WHAT YOU'LL DO:
Build strong relationships with business and engineering peers in order to understand our environment
Continuously develop a long term Cyber Security program that meets the changing needs of the business
Work with IT and desktop support to ensure all controls and compliance are in place for end user assets
Work with DevOps and other engineering teams to ensure our infrastructure platforms are secure and compliant
Build monitoring and alerting for security events
Set up proper security controls and standards for the entire organization
Take a lead role on PCI and other external assessments required by the business
Lead and develop security training for the organization
Build and maintain proper data security policies and procedures
Maintain and build a secure infrastructure platform within the AWS environment
Support a 24x7 production environment
WHAT WE'RE LOOKING FOR:
5+ years of experience working in technology or similar field
3+ years of experience working in Cyber Security, IT Governance & Compliance, or similar field
Strong background and experience with Linux and/or Windows systems administration
Strong background working within the AWS environment
Experience with desktop and corporate IT technologies
Experience with PCI and other compliance assessments / audits
Working knowledge of penetration and vulnerability scanning and remediation
Background designing, implementing and securing single-sign-on and other directory services
Experience with programming languages like Ruby, Python, Java, and PHP
We want you to bring your whole human self to work every single day. We accept you for who you are and consider everyone on an equal opportunity basis without regard to race, color, religion, gender, gender identity or expression, sexual orientation, national origin, genetics, disability, age, or veteran status.