The Staff, Security Engineer provides guidance to other members on the team and assists them by providing technical leadership. Should have experience and understanding of multiple security platform components and is expected to research emerging InfoSec trends and make recommendations. Additionally, the qualified candidate will meet professional obligations through efficient work habits such as, meeting deadlines, honoring schedules, coordinating resources and meetings in an effective and timely manner, and demonstrating respect for others. The colleague is also responsible for fulfillment and performing other duties as necessary.
The Staff, Security Engineer makes decisions based on operational status and project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks. Will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security risk exposure or operational stability.
* Work with various Ecommerce Support teams to understand their requirements and support them as needed.
* Work with Security Architecture & Ecommerce Support teams to determine solutions and propose plans to implement them.
* Design, build & maintain automation for security controls.
* Review incoming customer requirements and determine if they are in accordance with the InfoSec policy.
* Design and operate IDM controls in the cloud.
* Scripting/automation experience is a plus. Candidate is expected quickly learn this skill, if they do not already possess it.
* Support maintenance and upgrade of solutions that protect enterprise systems, applications and data by participating in established policies, practices and change management tools.
* Collaborate with managers, project managers, architects and other technical leads to resource projects and manage the communication across all teams involved.
* Assist clients with the identification and evaluation of security gap, and help translate them into functional specifications; focusing on the infrastructure and business applications.
* Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Engineer must have critical thinking skills.
* Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.
* Work closely with managed service providers, delivery, vulnerability and incident response teams.
* Participate in on call and change rotation.
* Consistently demonstrates regular, dependable attendance and punctuality.
* Bachelor’s Degree and 5-7 years of experience or an equivalent combination of education and experience in Information Security or Information Technology.
* Excellent written and verbal communication skills.
* Ability to read, write, and interpret instructional documents such as reports and procedure manuals.
* Writes clear problem descriptions and instructions to aid other individuals or groups in problem duplication and resolution.
* Ability to create detailed and/or focused documentation, reports or standard procedures.
* Basic math functions such as addition, subtraction, multiplication, and division.
* Must be able to work independently but under minimal supervision.
* This position involves extended periods of sitting and the extensive use of computer and the office equipment.
* May involve stooping, kneeling, or crouching.
* Involves close vision, color vision, depth perception, and focus adjustment.
* Knowledge of security controls in public clouds like Azure, AWS, GCP.
* Experience with defining and operating IDM controls in any public cloud is a major plus.
* Knowledge of network security concepts and technologies, including but not limited to firewalls, IDS / IPS, proxy servers, access control systems and web application firewalls.
* Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
* Knowledge of TCP/IP, HTTP, HTTPS, cookies, authentication, web servers and SSL/encryption.
* Understanding of web applications authentication, session management, and form submission processes, etc.
* An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.
* Remediation experience with patching and/or mitigation for findings for all of the aforementioned testing / assessments.
* Risk assessment experience with computer systems and applications. Best practice and architecture experience with computer systems and applications.
* Knowledge of network diagnostic and troubleshooting tools.
* eCommerce experience is a must.
* Understanding of laaS cloud security is a plus.
* Cisco, F5, F5 ASM, Checkpoint and general networking with several vendors is preferred.
* Proven ability to manage projects and handle conflicting responsibilities.
* Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
* One or more Certifications such as: CISSP, CCNA, CCNP, MCSE, CEH.
* Ability to work a flexible schedule based on department and store/company needs.
This job overview is not all inclusive. In addition, Macy s, Inc. reserves the right to amend this job overview at any time. Macy s is an Equal Opportunity Employer, committed to a diverse and inclusive work environment. Macy s, Inc. including Macy s and Bloomingdale s will consider for employment qualified applicants with criminal convictions in a manner consistent with [SFPC Art. 49]( and [LA MC ch.XVIII Art. 9](
Associated topics: forensic, identity access management, information assurance, information security, leak, security, security analyst, security engineer, violation, vulnerability
To Apply: https://www.jobg8.com/Traffic.aspx?YA9oLha38bIpswUbKxJlZwy