Principal Cybersecurity Engineer

This position contributes to REI’s success by providing a strategic and forward-thinking technical mindset to continually develop the REI Cybersecurity overall program into the future. Responsibilities include: defining and documenting recommended cybersecurity technology direction, running point on new innovations for Cybersecurity (POCs) presenting to senior leadership on business value for technology selection. Architecting secure, scalable enterprise patterns across AWS, Azure, GCP, and hybrid platforms. An effective Principal Engineer will be able to keep up with industry changes in their domain and help to lead POC’s on new technology being considered for the domain. Expertise is deep and broad and capable of being hands-on as well as strategic guiding the team through deployments, ensuring that security is applied to the technology platforms and information within the organization in accordance with established standards and policies with reliability and resiliency kept top-of-mind. This role will also assist with Cybersecurity Architecture duties (shape cross-functional solution architectures to Cybersecurity policies and standards). Models and acts in accordance with REI’s guiding values and mission.

Your Planning & Navigating Requirements (the plans the job is responsible for creating and executing, and how the job ensures they are implemented)

• Strong understanding of AI and data governance concepts, technology risk frameworks, audit and issue management practices, and regulatory expectations related to emerging technologies and responsible AI adoption
• Strong expertise in securing generative and agentic AI enterprise use cases
• Provides deep technical direction for development, planning and implementation of a variety of Cybersecurity platforms including SIEMs, IDS/IPS, firewalls, WAFs, anti-malware, EDR, Encryption/HSMs, DDOS services, configuration management, vulnerability scanning, penetration testing, PKI, CASB, DLP, SSO, and more
• Staying close to the security industry on leading security architecture, design, and best practices by developing and fostering relationships across industry (vendors, peers, academia, etc.). Maintaining a 2-3 year industry trend understanding
• Proven ability to develop detailed threat models and articulate security concerns to technical and non-technical stakeholders alike
• Translates businesses needs into workable technology solutions
• Anticipates and solves complex security challenges with cost effective, robust, and scalable technologies aligned with industry-best
• Develops and evangelizes patterns for resilient security platforms/services with strong monitoring and alerting and encouraging automation for operational processes and orchestrating workflows
• Partners with engineering, program management and operations personnel within the service delivery organization to implement changes to process and technology
• Partners with Security Architecture to ensure platform goals and security solutions are designed to meet business strategy and needs
• Owns platform and security capability roadmaps for entire security organization
• Analyzes threats and current security controls to identify gaps in current defensive posture
• Keeps current on organization's business practice, technology, security issues and legislation that impact the company’s security policy

• Presents strategic security goals and vision to senior leadership and helps lead security initiatives to completion

Required Skills & Experience

• BS or BA in Computer Science, Information Systems, Information Technology or a related field or equivalent experience
• 7+ years of hands-on engineering experience across multiple security domains, managing and executing the planning, deployment, tuning, troubleshooting and maintenance phases
• 1+ years’ experience with designing and implementing guardrails to protect AI models, workflows and agentic systems (RAG pipelines, AI Identity, threat modeling, etc.)
• 2+ years consulting cross-functional technology and business teams to design and architect secure solutions meeting Cybersecurity compliance policies and standards
• 5+ years’ professional experience in cloud-based or online services security engineering, or service engineering
• 2+ years’ experience developing strategic security capability roadmaps aligned to cross-functional IT and business teams and 2-4 year industry trends
• Strong written and oral communication skills; can effectively communicate technical concepts
• 2+ years’ experience managing vendor relationships
• Experience with threat modeling (ASVS 4, MITRE ATT&CK, or other)
• Good working understanding of governance, risk, and compliance principals and frameworks as well
• Understanding of privacy operations including data mapping, data subject rights, data protection laws, etc.
• Actively participates and collaborates with others on one's own team and across REI for the achievement of business goals
• Flexible in one's viewpoints and positions in order to support the direction taken by others at REI
• Uses business knowledge, innovative thinking, and sound judgment in the solution of problems or the pursuit of business opportunities
• Consolidates information from various sources including feedback from others to reach sound decisions
• Considers the ultimate impact of decisions and actions on internal and external customers
• Works smart by setting effective work goals, establishing priorities, and planning well in order to produce quality work
• Executes effectively by using resources efficiently, meeting deadlines, and keeping others informed of work plans and progress toward goals
• Clearly conveys and accurately receives information by a variety of methods and in various situations
• Builds rapport different people inside and outside the organization
• Acts upon opportunities and involves and influences others in the accomplishment of worthwhile organizational goals
• Challenges the status quo, champions change and influences others to change

Preferred Skills & Experience

• 2+ years’ experience in team goal setting, providing direction, mentorship, process improvement, team building, and engineering development
• 1+ years’ experience with at least one scripting or programming language (Python, Go, Ruby, etc.)
• 1+ years’ experience with deployment orchestration, automation, and security configuration management (Jenkins, Puppet, Chef, CloudFormation, Terraform, Ansible
• Current holder of at least one recognized security-relevant certification (i.e., CISSP)

At REI, we believe the outdoors is for all. We are committed to becoming a fully inclusive, anti-racist, multicultural organization. We know that there's strength in our diversity – that each employee brings unique skills, experiences, and perspectives. Every day you are driving change, fostering a culture of respect, and knowing you're backed by benefits that support your whole life. To work towards this commitment and fulfill our brand promise of inspiring and enabling a life outside for everyone, we seek employees who demonstrate different ways of working, create a sense of belonging, and actively listen and learn.  

Pay Transparency 

We are committed to practices that promote pay equity and transparency. As required by applicable Pay Transparency laws, REI provides a range of compensation for roles that may be hired in locations under these requirements. Factors that may be used to determine your actual salary may include a wide array of factors, including: your specific skills and experience, geographic location or other relevant factors.   

REI offers all regular employees a generous employee discount, access to health benefits, a retirement savings plan and accrued time off.  Click here for a detailed overview of benefits plans by employee profile.