Job Title: Sr. IT Security Engineer

(Hybrid – Boise, ID or Bellevue, WA 1-2x/week)

Pay Range: $101,272– $151,907

Who we are:

As one of the largest for-profit thrift operators in the United States, Canada and Australia for value priced pre-owned clothing, accessories and household goods, our mission is to champion reuse and inspire a future where secondhand is second nature. We supply our stores with gently-used, one-of-a-kind items that have been donated by the community to local nonprofit organizations. We purchase these items directly from our nonprofit partners, redirecting billions of pounds of used items away from landfills and on to our store racks and shelves for reuse, and providing our partners with valuable funding for their community-based programs and services. You’ll often hear us say that we are “Thrift Proud.” It’s the millions of loyal customers who visit our 300+ stores and our more than 22,000 team members that make it possible. Learn more about the Savers® family of thrift stores, our impact, and the #ThriftProud movement at savers.com.

Our brands are Savers (in the U.S.), 2nd Ave (in the U.S.), Value Village (in the U.S. and Canada), Unique (in the U.S.), Village des Valeurs (in Quebec) and Savers Australia.

What you can expect:

• The opportunity to celebrate uniqueness. We are made up of people from many different backgrounds, experiences, and perspectives, all with something special to contribute.
• To work in a purpose-driven company, with a business model that people love for our impact on both the planet and local communities.
• An investment in the career path interests of our people. With our aggressive store expansion plans, we recognize the importance of the continued growth and development of our team members.

What you get:

Comprehensive onboarding and training from day one.

In-house expertise! Our training department / Savers University develops and delivers robust training to every team member across our organization — from new hires to senior executives. We develop around 90% of our training internally, and partner with a variety of renowned providers to supplement our offerings.

Benefits offerings including:

• Bundled health plans such as medical, Rx, dental and vision
• Company-paid life insurance for extra protection and peace of mind
• Programs to stop smoking, diabetes management coaching, and on demand care options.
• A 401k plan with generous company matching contributions to assist you in saving for a secure financial future.
• Paid time off from work for leisure or other hobbies.
• A range of mental health services to assist you in managing daily life.

What you’ll be working on:

The Sr. IT Security Engineer is an internal security engineering role supporting business stakeholders and IT technical teams in developing, maintaining, and operating secure, compliant line-of-business systems and processes across Savers. This position plays a dual role—providing deep technical security expertise while ensuring alignment with enterprise risk management, governance, and compliance frameworks. This is a hands-on and analytical role requiring broad knowledge across multiple security disciplines, including Cloud Security, Application Security, Security Engineering, Network Security, Identity and Access Management, Security Assessment and Testing, Security Operations, and Security Risk and Compliance.

Successful candidates will have a demonstrable record of applying security principles, controls, and frameworks (NIST, ISO 27001, CIS, SOC 2, PCI) in planning, implementation, maintenance, and monitoring of security technologies and practices, while creating policies and documentation to uphold frameworks. The role reports to the Director of IT Security and contributes directly to Savers’ risk-based approach to sustainable security.

Essential Job Functions:

• Collaborate with cross-functional teams to drive internal security, privacy, and risk governance initiatives across the enterprise.
• Creating and maintain Enterprise Policies, Standards, and Guideline documentation to support alignment of Industry Frameworks
• Serve as a trusted security and risk advisor to stakeholders, offering actionable guidance that balances technical controls with business priorities.
• Provide continuous security and compliance guidance for internal projects, technology evaluations, and daily operational issues.
• Conduct detailed security and risk assessments of business applications, cloud workloads, and critical processes to identify control gaps, residual risks, and mitigation plans.
• Communicate security risks, vulnerabilities, and recommended treatments to both technical and non-technical teams, ensuring clear risk awareness and accountability.
• Partner with Solutions Delivery and Engineering teams to embed secure-by-design principles, risk controls, and governance checkpoints throughout the SDLC.
• Participate in project teams and initiatives as a dedicated Security Advisor and risk representative from planning through operationalization.
• Monitor and analyze emerging threats, regulatory changes, and vendor advisories, and assess their relevance to Savers’ risk posture.
• Establish and manage risk and threat metrics, control scorecards, and compliance health monitoring to measure and communicate program effectiveness to varying levels of leadership.
• Collaborate closely with IT, Audit, Legal, and Business teams to ensure consistent governance, risk, and compliance alignment across the organization.
• Maintain deep industry expertise and contribute to policy updates, control documentation, and audit readiness activities.

What you have:

Required Knowledge, Skills, and Abilities

• Strong experience ensuring security, privacy, and risk governance for Internet-facing systems, SaaS applications, and cloud services.
• Comprehensive understanding of Internet security issues, risk assessment methodologies, and mitigation strategies.
• Experience with security tooling, automation, and control monitoring to improve visibility and reduce operational risk.
• Technical expertise in security engineering, network and system security, authentication protocols, cryptography, and application security testing.
• Practical experience in threat modeling, risk analysis, and control validation.
• Knowledge of security vulnerabilities, risk treatment plans, and compensating control strategies.
• Familiarity with security frameworks, standards, and protocols relevant to enterprise governance (e.g., NIST, ISO 27001, SOC 2, PCI DSS).
• Excellent written and verbal communication skills, with the ability to translate technical findings into risk-based business context.
• Analytical, resourceful, and organized, with a proactive approach to identifying and mitigating potential security risks.
• Strong collaboration skills with a willingness to provide clear, actionable feedback in complex or sensitive governance discussions.
• Proficiency with one or more interpreted programming or scripting languages (Python, JavaScript, Ruby, PowerShell, etc.) to support security automation and compliance evidence collection.

Minimum Required Education, Training and Experience

• 8+ years’ experience in information security.
• Industry certifications such as CISSP, CCSP, CISM and CRISC preferred
• B.S. or M.S. in computer science or related field or equivalent professional experience

FLSA: Exempt

Travel: 10% or less

Work Type/Location: Hybrid in Boise or Seattle office 1-2x a week

Savers is an E-Verify employer