Johns Creek - Georgia
Date Posted: Mar. 08, 2019
Requisition ID: MAC14094
The Staff Application Security Engineer will be responsible for collaborating closely with Application Development Teams, guiding them through security requirements, analyzing software designs/architecture/implementations from a security perspective, and will serve as a dedicated security resource to identify and assist in proposing solutions to all security matters. The appropriate candidate will have a “hands-on” role working closely with engineering and development teams to solve real problems in ways that meet our security requirements. This will include having deep experience with security and agile programming best practices and applying them within complex applications and systems. Responsibilities include the application and advocacy of security for Macy’s Software Development Life Cycle (SDLC), integration of tools and processes into the CI/CD pipeline, and recommending appropriate solutions for keeping Macy’s applications secure. The successful candidate will be responsible for using technologies ranging from legacy architectures to web and mobile applications. Openness to embrace new ideas and a willingness to learn and adapt are essential for success in this role. Perform other duties as assigned.
• Work as the Lead Security Engineer within an application development area to ensure that security best practices and internal requirements are met through the entire development lifecycle.
• Will serve as the Subject Matter Expert for secure development for one or more programming languages.
• Perform threat modeling, design reviews and code reviews with a focus on security as part of the development lifecycle.
• Integrate state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.
• Provide guidance in the interpretation of Secure Software Development Lifecycle (S-SDLC) as well as governance of security standards with development teams.
• Lead proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes.
• Will assess new platforms and technologies to determine the impact and changes required for Application Security.
• Lead the integration of security engineering automation tools into the CI/CD pipeline.
• Build application security in cloud-based and virtualized environments.
• Perform regular security testing, code review, and assist with remediation of identified issues.
• Consult with development and architecture teams on Secure Development, methodologies and best practices, including incident response and architecture, PCI certification and other audit and review processes.
• Advise internal customers and evangelize threat modeling, secure design reviews, static code analysis and vulnerability remediation.
• Applying security controls (PCI-DSS, SOX, HIPAA, ISO) as well as web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth).
• Regular, dependable attendance & punctuality.
• Bachelor's and/or an equivalent combination of education and experience.
• At least 7 years of experience in Information Security desired.
• Experience in application development in a technical SME and leadership capacity.
• Experience building and evaluating enterprise application deployments in cloud, on-prem and hybrid scenarios.
• Demonstrated understanding of core secure coding concepts.
• Familiarity with security testing tools for SAST, DAST, IAST, RASP and Pen Testing a plus.
• Experience working in a continuous delivery or DevOps team is a plus.
• Familiarity with security solutions for data and web services.
• Familiarity with agile development principles sufficient to integrate security controls without unnecessarily impeding overall project velocity.
• Demonstrated communications skills with the ability to establish and maintain strong partner relationships.
• Experience designing systems/applications with high level of complexity (e.g. many interfaces, multiple packages, platforms).
• Security certifications are a plus e.g. CISSP, CSSLP, etc.
• Excellent written and verbal communication skills.
• Must be able to effectively discuss security-related topics with technical and non-technical audiences.
• Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.
• Must be able to work independently with minimal supervision.
• Must be comfortable working in a fast-evolving field; this position requires the ability to quickly absorb new information and concepts, and develop a working understanding of new technologies on a regular and ongoing basis.
• This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking.
• May occasionally involve stooping, kneeling, or crouching.
• May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time.
• Involves manual dexterity for using keyboard, mouse, and other office equipment.
• May involve moving or lifting items under 10 pounds.
• Ability to work a flexible schedule based on department and company needs.
Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.
This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.