Senior Vulnerability Management Engineer (Project Manager)

Johns Creek - Georgia

Date Posted: Nov. 09, 2018

Requisition ID: MAC12897


Job Overview:


This is a hands-on role that involves participating in project-related activities on a daily basis, with responsibility for execution, final delivery, and release of the work product. The role manages penetration testing and vulnerability assessment activities for complex applications, operating systems, and wired and wireless networks, and provides oversight of scheduling, adherence to documented methodologies, and compliance with relevant internal/external policies and regulations (e.g., PCI, SOX). The Senior Vulnerability Management Engineer will perform the daily operation of the team, including vulnerability identification, validation testing, and project management. Performs other duties as assigned.


Essential Functions:


• The Sr. Vulnerability Management Engineer is responsible for performing operating system, infrastructure, 3rd party application and internally developed application remediation testing.

• Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to prioritize vulnerabilities and integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company.  Analyst must have critical thinking skills.

• Manages project-related activities on a daily basis and has responsibility for execution, final delivery, and release of the work product.

• Ensures deadlines are met by participating in resource planning, effectively planning, organizing, prioritizing, and delegating assignments to project team members and following up on their individual progress. 

• Facilitates communication and negotiation within and across the project team and key stakeholders. Escalates risks as required to appropriate level of management.

• Provides input to ensure adequate project staffing and resource management.

• Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.

• Consistently demonstrates regular, dependable attendance & punctuality. 






• Bachelor’s Degree and 5-7 years of experience or an equivalent combination of education and experience.

• Minimum of 5 years’ experience in IT, Project Management, or Information Security.

• Have experience with vulnerability assessment and penetration testing tools (such as nmap, Nessus, Qualys, eEye Retina, Metasploit, OpenVAS, OpenSSL, CoreImpact, WebInspect, etc.) and manual testing.


Communication Skills:


• Excellent written and verbal communication skills.

• Ability to explain technical concepts to technical or non-technical personnel. 

• Ability to read, write, and interpret business and technical documents.


Mathematical Skills:


• Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.


Reasoning Ability:


• Must be able to work independently with minimal supervision and make sound decisions.


Physical Demands:


• This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking.

• May occasionally involve stooping, kneeling, or crouching.

• May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time. 

• Involves manual dexterity for using keyboard, mouse, and other office equipment.

• May involve moving or lifting items under 10 pounds.


Other Skills:


• Knowledge or skill to be able to provide remediation guidance for vulnerabilities found from either manual testing or from the tools previously mentioned.

• Demonstrated experience managing multiple moderate to highly complex simultaneous projects involving cross-functional project teams within budgetary and schedule constraints.

• Ability to garner trust among project team and stakeholders.

• Drives corrective actions to mitigate project risks.

• Strong negotiation, diplomacy and conflict resolution skills.

• Ability to understand, analyze and correlate technical vulnerabilities.

• Maintaining metrics in addition to leading and analyzing security reporting.

• Understanding of risk assessment methodologies and ability to assist with coordinating discussions with other teams.

• An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.

• Remediation experience with patching and/or mitigation for findings for all the aforementioned testing/assessments.

• Risk assessment experience with computer systems and applications.

• Excellent documentation, organization, time management, and problem solving skills.

• Critical Thinking Skills:

-       Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.

-       One or more relevant certifications are a plus, such as: CISSP, CAPM, PMP, OSCP, OSCE, OSWE, GWAPT, OSWP, GSEC, GISP, GPPA, GCUX, GCWN, GCED, GPEN, GSNA, GAWN, GXPN, or GSE.

Work Hours:


Ability to work a flexible schedule based on department and company needs.



Company Profile:


Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.

This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.