Principal Architect, Security

Johns Creek - Georgia

Date Posted: Jan. 14, 2019

Requisition ID: MAC13465


Job Overview:


The Principal Architect at Macy’s is a senior technologist who oversees architecture strategies for strategic initiatives spanning multiple omnichannel domains and related application systems. The Principal Architect owns the long-term technical vision and roadmaps and is responsible for implementing this vision through the course of enterprise-wide projects by collaborating with development and business teams. Jointly with development and platform leadership, the Principal Architect will also help develop, promote and govern architecture principles, standards and strategies, and coach development leads, application architects, system analysts and other technical stakeholders. The Principal Architect is ultimately responsible for the delivery of foundational architecture and other transformational initiatives for a suite of omnichannel systems. Principal Architects also mentor and groom other architects and leads to make them more successful in their jobs.


The primary area of focus for the Principal Security Architect is to work alongside and in conjunction with the Enterprise Security team and Corporate Information Security Officer to design and implement security solutions for Macy’s internal IT environment. This architect should possess a combination of strong technical knowledge across multiple information security domains and a solid development background. The candidate will partner with engineering teams across Macy’s to design, develop, and implement security solutions to identify and close security gaps for cloud and on-premise environments. This architect will be an advocate and practitioner of DevSecOps, implementing a tool-driven and highly automated approach to bake security into the developer’s workflow. The candidate will serve as a trusted advisor to engineering teams, delivering architecture guidance, leading proof of concept evaluations, and assisting in large-scale implementations. This is a unique and exciting opportunity to work on and learn about the latest and greatest technologies in cloud and security. Perform other duties as assigned.


Essential Functions:


Provide guidance and subject matter expertise on infrastructure, application & data security to engineering teams across the company.

Be strategically and closely aligned with the Corporate Information Security Officer, providing guidance, thought leadership and technical expertise to the Enterprise Security team.

Apply risk-based thinking enabling teams to make the right security decisions and priorities.

Identify gaps in existing security architecture and design & recommend changes or enhancements.

Advocate and practitioner of DevSecOps, implementing a tool-driven and highly automated approach to bake security into the developer’s workflow.

Build robust and easy to use security solutions/patterns for Macy’s global customers. 

Architect security solutions (Website & Platform) that scale and perform in a multi-tenant environment. 

Build tools and automation that enable Macy’s developers to easily consume security services delivered by the security team.

Partner with platform and engineering teams to integrate security controls into continuous integration, delivery and deployment processes.

Build strong relationships with Macy’s technical teams and cultivate a culture of security awareness and ownership.

Trusted advisor to engineering teams, delivering architecture guidance, leading proof of concept evaluations, and assisting in large-scale implementations.

Regular, dependable attendance & punctuality.





Bachelor's Degree in Computer Science/Engineering and 10 years of experience OR Master's Degree in Computer Science/Engineering and 8 years of experience.

5+ years’ experience in an Information Security position.

5+ years of security and authentication related work on web applications and protocols, including but not limited to security issues like XSS, CSRF, etc.

Stellar Java design and programming skills, with experience in SOAP/XML/WSDL, SAML/OAuth/OpenID, PKI, SSL/OpenSSL.

Detailed, extensive experience with applied cryptography, Java Security Providers, Java key store, PKI, Certificate Authority.

Strong foundation and in-depth technical knowledge in security engineering, computer & network security, authentication and security protocols, and applied cryptography.

Familiarity with federated identity and SSO technologies and Unix security features.

Deep understanding of web application security – AuthN/AuthZ, user flows, code logic, Java security frameworks.

Expertise and passion to think 10 steps ahead and identify potential security issues and proactively design and develop solutions.

Expertise in developing security solutions for data and service exchange across third party vendors, partners and developers.

Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security.

Experience with public cloud environments and technologies, including Azure, Google Cloud or Amazon Web Services (AWS) and others.

Experience in DevOps environments and automating security controls into the CI/CD process.

Experience with Jenkins or other CI tools and knowledge of technologies like containers and microservices.

Expertise with high-availability distributed systems, across multiple geographic locations.

Cloud Security experience (on-prem/public).


Communication Skills:


Ability to communicate with high proficiency, both verbally and in writing, with all levels of management and staff, in both technical language and layman’s terms.


Mathematical Skills:


Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.


Reasoning Ability:


Ability to work independently with minimum supervision.


Physical Demands:


This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking.

May occasionally involve stooping, kneeling, or crouching.

May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time. 

Involves manual dexterity for using keyboard, mouse, and other office equipment.

May involve moving or lifting items under 10 pounds.


Work Hours:


Ability to work a flexible schedule based on department and company needs.


Company Profile:


As the fastest growing part of Macy's Inc. business, is achieving record sales and broadening our workforce. offers the entrepreneurial culture of a web business with the stability and support of the best brand in retailing. Creativity and ingenuity partner with business acumen and tech savvy to build a unique business poised for substantial growth. If you're interested in being a part of that growth and want to know what it's really like to work at, get an inside look at


Our employees have long-term opportunities and are encouraged to utilize their Supervisors and Human Resources for cross-functional movement to further their careers. At we are committed to giving back to the community by partnering with local charitable organizations. By skillfully combining the power of digital technology and omnichannel integration with the best in retailing, is reaching new heights.



This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.