At Macy’s, we’re moving fast—we’re at top speed to become America’s premiere omni-channel retailer. Macy’s technology hub, Macy’s Technology (M*Tech) strives to set the pace by providing seamless and compelling shopping experiences for our Macy’s and Bloomingdale’s customers. MST is creating innovative technology solutions to support these experiences and define the future of retailing.
Macy’s Systems & Technology is seeking a motivated Sr. Information Security Engineer for the Operations team. This is a hands-on role involving the design, deployment and support of complex Security products. The Sr. Information Security Engineer will perform the daily operation of the in place security solutions and the identification, investigation and resolution of security events and incidents detected by those systems.
The Sr. Information Security Engineer should have experience and understanding of multiple security platforms and layers including Anti-virus, Certificates, Intrusion Prevention Systems, Operating systems, Protocols. Perform other duties as assigned.
The Sr. Information Security Engineer is responsible for consultation to internal resources, defining, delivering and supporting the enterprise security architecture (certificates and key management) and ensuring its stable, operational status.
Additional responsibilities include:
- Assisting with Information Security related agent components including performing investigative follow-up, assigning responsibility for corrective action, and auditing for effective completion
- Continues to increase knowledge by tracking and understanding emerging security practices and standards by participating in educational, social or professional opportunities and organizations and/or reading publications
- Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company
- Mentors and coaches other Security Engineers to provide guidance and expertise in their growth
- Consistently demonstrates regular, dependable attendance & punctuality
- Other Duties as Assigned
- The Sr. Information Security Engineer makes decisions based on operational project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks
- The Engineer will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security incident, risk exposure or operational stability
- College degree and 5-7 years of experience
- Minimum of 5 years’ experience in IT or Information Security
- Have experience with certificate and key management
- Strong understanding of .NET Framework and .NET application architecture
- Knowledge or skill to consult the development and application owner community on certificates/keys
- Knowledge of cryptography technologies and implementations of such
- Ability to understand, analyze and correlate security events and implement counter-measures to mitigate against intrusion attacks
- Maintaining security monitoring in addition to leading and analyzing security reporting
- Understanding of agent technologies commonly used on endpoints for protection of assets
- Strong knowledge of HTTP, FTP, authentication, virus scanning, web servers, certificates and key management, and TLS protocol
- Ability to troubleshoot certificate issues
- Identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation
- Understanding of web applications authentication, session management, requests, form submission processes
- An understanding of a wide array of server grade applications to include email, DNS, SMTP, IIS, Apache, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others
- Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards
- Excellent written and verbal communication skills
- Ability to explain technical concepts to technical or non-technical personnel.
- Ability to read, write, and interpret business and technical documents
- Basic math functions such as addition, subtraction, multiplication, division, and analytical skills
- Must be able to work independently with minimal supervision
- This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking
- May occasionally involve stooping, kneeling, or crouching
- May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time
- Involves manual dexterity for using keyboard, mouse, and other office equipment
- May involve moving or lifting items under 10 pounds
- Ability to work a flexible schedule based on department and company needs
Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.
This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.