Senior Engineer, Cloud Security at Rent the Runway
Rent the Runway is transforming the way modern women get dressed and disrupting the $2.4 trillion fashion industry by pioneering dynamic ownership and enabling women to rent, subscribe to and purchase secondhand clothing. Founded in 2009 with a vision to build the world’s first living closet, RTR believes that women everywhere will soon have a subscription to fashion. By creating a new model of dynamic ownership rooted in sustainability, RTR has made apparel rental an indispensable utility while also powering women to feel their best every day. RTR offers apparel, accessories and home decor from over 700 designer partners and has built in-house proprietary technology and a one-of-a-kind reverse logistics operation. Under CEO and Co-Founder Jennifer Hyman’s leadership, Rent the Runway has been named to CNBC’s “Disruptor 50” five times in ten years, and has been placed on Fast Company’s Most Innovative Companies list multiple times.
About the Team:
We are currently growing our Information Security team in order to protect and scale our enterprise as well as meet ongoing compliance requirements. Our team works closely with IT, Infrastructure, and Engineering, to ensure the security posture of Mission Critical Production Environments, build Security into the software development life-cycle, as well as deploy and maintain Security Tooling and processes.
About the Job:
The Senior Security Engineer will report directly to the VP, IT, Security and Compliance and will be a driving force in setting the Security and Compliance roadmap for the Organization. You will be responsible for hands-on design, engineering, configuration and integration of Security solutions that provide confidentiality, integrity, availability, authentication, and non-repudiation to meet stated security and compliance objectives.
What You'll Do:
- Work closely with the VP of Security to understand goals and determine security and compliance requirements
- Drive the selection, POC, implementation and operational deployment of new security technology solutions to ensure the confidentiality, integrity and availability of business data
- Design and implement application, network, and data security solutions to meet business objectives, IT strategic initiatives, corporate and regulatory requirements
- Partner with engineering teams to integrate security controls into continuous integration, delivery and deployment processes
- Maintain, Improve, and Implement, Security tooling.
- Expand upon existing documentation processes, procedures, and metrics
- Cyber incidents identification and activation of incident response procedures
- Build strong relationships with RTR’s cross functional teams and cultivate a culture of security awareness and ownership
- Collaborate with the Infrastructure and SRE teams to instrument our Cloud environments
- You have 5+ years of experience providing technical leadership within the security domain, including managing delivery of complex projects, mentoring, acting as a role model for other engineers and evaluating complex tradeoffs and priorities
- You have a degree in computer science, software engineering, or cybersecurity with 3+ years of programming experience with various languages like Java, C#, Python, C++, Go, Scala
- You have experience architecting security with cloud infrastructure service providers, Google Cloud Platform, Azure and/or AWS
- You have an understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security
- You have experience in DevOps Methodology and automating security controls into the CI/CD process
- You have experience with CI/CD tools and workflows
- You have working knowledge of Docker and Kubernetes and container security best practices
- You have experience in configuration and maintenance of Splunk as a SIEM
- You have strong knowledge of web applications security practices
- You have professional certifications in information security management, such as a CISSP or CISM.
- You have a strong familiarity with information security frameworks (e.g. NIST, CIS, or ISO) and experience architecting solutions to meet compliance requirements (e.g. PCI-DSS, GDRP, CCPA).
- You have experience formulating a clear and actionable plan, with experience executing against it.
- You can successfully work in a fast paced, agile environment.
At Rent the Runway, we’re committed to the happiness and wellbeing of our employees, and aim to create a workplace that fosters both personal and professional growth. Our inclusive benefits include, but are not limited to:
- Generous Paid Time Off including vacation, paid bereavement, and family sick leave - every employee needs time to take care of themselves and their family.
- Universal Paid Parental Leave for both parents + flexible return to work program - because we know your newest family member(s) deserve your undivided attention.
- Paid Sabbatical after 5 years of continuous service - Unplug, recharge, and have some fun!
- Exclusive employee subscription and rental discounts - to ensure you experience the magic of renting the runway (and give us valued feedback!).
- Comprehensive health, vision, dental, FSA and dependent care from day 1 of employment - Your health comes first and we’ve got you covered.
- Industry leading 401k match - an investment in your future.
- Company wide events and outings - our team spirit is no joke - we know how to have fun!
- Flexibility Policy - when our corporate employees return to the office post COVID they will have the option to work remotely 2-3 days a week.
Rent the Runway is an equal opportunity employer. In accordance with applicable law, we prohibit discrimination against any applicant or employee based on any legally-recognized basis, including, but not limited to: race, color, religion, sex (including pregnancy, lactation, childbirth or related medical conditions), sexual orientation, gender identity, age (40 and over), national origin or ancestry, citizenship status, physical or mental disability, genetic information (including testing and characteristics), veteran status, uniformed servicemember status or any other status protected by federal, state or local law.