Security Engineer II

About Express, Inc.

Express, Inc. is a multi-brand fashion retailer whose portfolio includes Express, Bonobos and UpWest. The Company operates an omnichannel platform as well as physical and online stores. Grounded in a belief that style, quality and value should all be found in one place, Express is a brand with a purpose - We Create Confidence. We Inspire Self-Expression. - powered by a styling community. Bonobos is a menswear brand known for exceptional fit and an innovative retail model. UpWest is an apparel, accessories and home goods brand with a purpose to Provide Comfort for People & Planet.

The Company has over 530 Express retail and Express Factory Outlet stores in the United States and Puerto Rico, the Express.com online store and the Express mobile app; over 60 Bonobos Guideshop locations and the Bonobos.com online store; and 13 UpWest retail stores and the UpWest.com online store. Express, Inc. is traded on the NYSE under the symbol EXPR. For more information about our Company, please visit www.express.com/investor and for more information about our brands, please visit www.express.com, www.bonobos.com or www.upwest.com.

The Security Engineer II is responsible for working in several different security and governance, risk, and compliance disciplines under direction of the Director of IT Security & Governance. In this role you will be responsible for establishing and maintaining a corporate-wide information security program and controls to ensure that information assets are adequately protected and will act as an adviser to the various business units. This position requires strong knowledge of security concepts, tools (anti-virus, IPS) and programs (vulnerability management, incident management, identity & access management, data loss prevention).  Responsibilities include:  designing, implementing, supporting, and monitoring the security infrastructure.  This position is also responsible for ensuring compliance security requirements such as Sarbanes-Oxley and PCI.

Strategic Support

• Performs control and vulnerability assessments to identify control weaknesses and assess the effectiveness of the existing controls , recommends remedial action.
• Manage the process of gathering and analyzing the current and future threat landscape.
• Monitor and report on compliance with the security policies, as well as the enforcement of policies with the IT Department.

Security Liaison

• Coordinate the Security Event Information Management log analysis (ie , Splunk, or similar), applications whitelisting malware analysis, quarantine and eradications.
• Work with the IT leadership and business stakeholders to define metrics and reporting strategies that effectively communicate successes and progress of the security program

Engineering Support

• Assess and evaluate outsourced vendors that provide information security functions for the compliance with the contracted service-level agreements.
• Manage and coordinate operational components of the incident management, including detection, response and reporting.
• Maintain a knowledge base comprising a technical reference library, security advisories and alerts, information on security trends, practices, laws and regulations.
• Perform day to day activities for threat and vulnerability management, identify risks, and identify possible treatment plans.
• Assist in the design and oversight of security testing procedures to verify the security of systems, networks and applications, and manage the remediation of identified risks.

Operational Support

• Research, evaluate, design, test, recommend or plan the implementation of the new or updated information security hardware or software, and analyze its impact on the existing environment; provide technical and managerial expertise for the administration of security tools.
• Assist the enterprise architecture team to ensure that there is a convergence of business, technical and security requirements; liaise with the IT management to align existing technical installed base and skills with the future architectural requirements.
• Develop strong working relationships with the corporate and brand infrastructure teams to develop and implement controls and configurations aligned wit security policies, legal, regulatory and audit requirements.
• Develop and validate baseline security configurations for the operating systems, applications, networking and telecommunications equipment.
• Ensure corporate standards are properly communicated to technology units, business partners and customer teams.
• Participate in efforts to validate security solutions and ensure strategies are aligned with the business architecture.
• Provide technical support for the establishment and implementation of end to end security solutions utilizing new technologies.
• Provides technical expertise for vulnerability and management, patch management and security baselines.

REQUIRED EXPERIENCE & QUALIFICATIONS

• Bachelor’s degree, CISSP certification, or relevant industry experience

CRITICAL SKILLS & ATTRIBUTES

• Excellent technical knowledge of mainstream operating systems (i.e.: Windows, Linux, MacOS, etc.) and a wide range of security technologies, such as network security appliances, identity and access management systems, anti-malware solutions, automated policy compliance and desktop security tools
• Extensive knowledge and experience with technical security controls and vulnerabilities including IPS, anti-virus, vulnerability scanners, firewalls, and other security devices
• Technical expertise for vulnerability management, patch management and security baselines
• Knowledge and understanding of information risk concepts and principles, risk assessment methods, and technologies
• Strong project management skills including requirements analysis, project scoping, problem solving, status reporting, technical analysis, and meeting tight deadlines
• Strong technical consulting skills including making recommendations in both written and oral form, leading training for clients and peers, understanding client work practices and showing initiative when confronted with urgent and complex technical dilemmas
• Strong collaborative and communication skills including working with internal cross-discipline teams, vendor engineering resources, and client technical leads
• Strong leadership skills and the ability to work effectively with business managers, IT engineering and IT operations staff

Technical Skills:

• Experience in security technologies (IPS, anti-virus, firewall, etc.)
• Security Planning, Installation, and Administration (3-5 Years)
• IPS, Anti-Virus, Logging, Vulnerability Management (3-5 Years)
• Knowledge of network infrastructure, including routers, switches, firewalls and associated network protocols and concepts highly desired (3-5 Years)
• Experience with security design and implementation
• Knowledge of best practices for security and compliance (NIST, ISO, PCI, SOX)
• Web application experience preferred
• Demonstrate effective decision-making, problem solving, analytical and communication skills.
• Must possess a high level of initiative and self-motivation
• Ability to work independently and effective at building partnerships to facilitate the accomplishment of goals
• Strong organizational/time-management skills
• Effective at planning and leading meetings to accomplish stated goals and objectives

An equal opportunity employer, Express, Inc. does not discriminate in recruiting, hiring or any other terms and conditions of employment hiring on the basis of any federal, state, or locally protected characteristic. Express, Inc. only hires individuals authorized for employment in the United States. Express, Inc. is committed to providing reasonable accommodation to individuals with disabilities. If you need an accommodation because of a disability to search and apply for a listed job position, please call 1-800-964-9793 and say 'Associate Relations' or send an e-mail to AssociateRelations@Express.com and let us know the nature of your request and your contact information.

Notification to Agencies: Please note that Express, Inc. does not accept unsolicited resumes or calls from third-party recruiters or employment agencies. In the absence of a signed Master Service Agreement and approval from HR to submit resumes for a specific requisition, Express, Inc. will not consider or approve payment to any third-parties for hires made.