Application Security Analyst I

Johns Creek - Georgia

Date Posted: Dec. 05, 2018

Requisition ID: MAC13123


Job Overview:


The Application Security Analyst I will be responsible for assisting the Application Security Architects with developing standards and methodologies for Macy’s S-SDLC (Secure Software Development Life Cycle) program. The appropriate candidate will have a “hands-on” role working closely with engineering teams to solve real problems in ways that meet our security requirements. This will include having experience with secure coding best practices, as well as working collaboratively and effectively with engineers and architects to evaluate projects and the application of S-SDLC. Responsibilities include consulting on S-SDLC, reviewing identified bugs and vulnerabilities, and providing periodic reports to business units and leadership. The successful candidate will be responsible for using technologies ranging from mainframe development to web and mobile applications. Curiosity, openness to new ideas and a willingness to learn and adapt are essential for success in this role. Perform other duties as assigned.


Essential Functions:


Assist business units with performing threat modeling, design reviews and code reviews as part of the development lifecycle.

Provide guidance in the development and interpretation of S-SDLC as well as governance of security standards with business partners.

Assist with evaluating and deploying application security tools in a DevOps environment.

Assist with the integration of security engineering automation tools into the CI/CD pipeline.

Assist with building application security in cloud-based and virtualized environments.

Consult with development and architecture teams on Secure Development methodologies and best practices, including incident response and architecture, PCI certification and other audit and review processes.

Advise internal customers and evangelize threat modeling, secure design reviews, static code analysis and vulnerability remediation.

Apply security controls (PCI-DSS, SOX, HIPAA, ISO) as well as web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth).

Regular, dependable attendance & punctuality.






Bachelor's or Master's Degree preferred and/or an equivalent combination of education and 1 – 3 years of experience

Experience in IT security, compliance and/or risk management.

An understanding of common application security vulnerabilities and core secure coding concepts.

Experience with security testing tools for SAST, DAST, IAST, RASP and Pen Testing a plus.

Experience working in a continuous delivery or DevOps team is a plus.

Experience with security solutions for data and web services a plus.

Familiarity with common programming methodologies, including agile, waterfall, etc.

Ability to establish and maintain strong partner relationships.

Certification in information systems security or willingness to obtain certifications such as CISSP, CSSLP, CEH etc.

Familiarity with development on mobile platforms desired.

Demonstrated software engineering experience in one or more programming languages such as Java, JavaScript, C, C++, C#, PHP, Objective C.


Communication Skills:


Excellent written and verbal communication skills.

Must be able to effectively discuss security-related topics with technical and non-technical audiences.


Mathematical Skills:


Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.


Reasoning Ability:


Must be comfortable working in a fast-evolving field; this position requires the ability to quickly absorb new information and concepts, and develop a working understanding of new technologies on a regular and ongoing basis.


Physical Demands:


• This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking.

• May occasionally involve stooping, kneeling, or crouching.

• May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time. 

• Involves manual dexterity for using keyboard, mouse, and other office equipment.

• May involve moving or lifting items under 10 pounds.


Work Hours:


• Ability to work a flexible schedule based on department and company needs.


Company Profile:


Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.



This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.