Senior Security Engineer (eCommerce Operations)
Macy's Inc. - Johns Creek, Georgia
Job Overview:
Macy’s Systems & Technology is seeking a Sr. Security Engineer for our eCommerce Operations team. The Sr. Security Engineer will be responsible for the maintenance and operations of the technologies that have been implemented to protect and secure our web technologies. The selected candidate must have the ability to communicate with clients, manage project timelines, follow methodologies, and create and present clear, concise deliverables.
The qualified candidate will apply professional knowledge of engineering concepts, principals and relationships to assess specific requirements, deliver recommendation, and participate in preliminary and final design plans in support of the eCommerce security initiative. Performs other duties as assigned.
Essential Functions:
The Senior Security Engineer (eCommerce Operations) should have experience and understanding of multiple security platforms including, but not limited to: automated and manual testing tools, firewalls, proxy servers, intrusion prevention systems, logging correlation/management, operating systems, protocols and risk assessments and web application firewalls. Additionally, the qualified candidate will meet professional obligations through efficient work habits such as, meeting deadlines, honoring schedules, coordinating resources and meetings in an effective and timely manner, and demonstrating respect for others.
The Senior Security Engineer (eCommerce Operations) makes decisions based on operational status and project requirements and will make recommendations to management based on actions taken, current status and potential exposure and/or risks. The Engineer will continue to be engaged with management to provide updates and status to help clarify any decision that is needed to be made about a current security risk exposure or operational stability.
Additional responsibilities include:
• Maintenance and upgrade of solutions that protect enterprise systems, applications and data by participating in established policies, practices and change management tools.
• Collaborate with managers, project managers, architects and other technical leads to resource projects and manage the communication across all teams involved.
• Assist clients with the identification and evaluation of security gap, and help translate them into functional specifications; focusing on the infrastructure and business applications.
• Collaborates with other technical leads (Network, Server, and Application), field services technicians, project managers and data center operations and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company. Engineer must have critical thinking skills.
• Mentors and coaches other Security Analysts to provide guidance and expertise in their growth.
• Work closely with managed service providers, delivery, vulnerability and incident response teams.
• Consistently demonstrates regular, dependable attendance & punctuality.
• Participate in on call and change rotation.
Qualifications:
Education/Experience:
• Bachelor's Degree and 5-7 years of experience or an equivalent combination of education and experience in Information Security.
• Remediation experience with patching and/or mitigation for findings for all of the aforementioned testing / assessments.
• Risk assessment experience with computer systems and applications.
• Best practice and architecture experience with computer systems and applications.
• eCommerce experience is a plus.
• Cisco, F5, F5 ASM, Checkpoint and general networking with several vendors is preferred
• Web development and coding skills are a plus.
• Understanding of IaaS cloud security is a plus.
• One or more Certifications such as: CISSP, CCNA, CCNP, MCSE, CEH, OSCP, OSCE, OSWE, GWAPT OSWP, OSCE, GSEC, GISP, GPPA, GCUX, GCWN, GCED, GPEN, GSNA, GAWN, GXPN, or GSE.
Reasoning Ability:
• Proven ability to manage projects and handle conflicting responsibilities.
• Ability to understand, analyze and correlate technical vulnerabilities and implement counter-measures to mitigate them.
Other Skills:
• Identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
• Expert level skills in manual methodologies and tools to perform the previous tasks.
• In depth knowledge and proven experience with network diagnostic and troubleshooting tools and proven experience with network capacity planning.
• Expert knowledge of network security concepts and technologies, including but not limited to firewalls, IDS / IPS, proxy servers, access control systems and web application firewalls.
• Strong knowledge of TCP/IP, HTTP, HTTPS, cookies, authentication, web servers and SSL/encryption.
• Understanding of web applications authentication, session management, and form submission processes, etc.
• An understanding of a wide array of server grade applications to include DNS, SMTP, IIS, Apache, LDAP, SQL, etc.
• Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
Work Hours:
• Ability to work a flexible schedule based on department and company needs.
Company Profile:
Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.
This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.
Unable to retrieve job information. This job may not be available anymore. Sorry for the inconvenience. Posted: 30+ days ago
About Macy's Inc.
Macy's, Inc., with corporate offices in Cincinnati and New York, is one of the nation's premier retailers, with fiscal 2015 sales of $27.079 billion. The company operates about 870 stores in 45 states, the District of Columbia, Guam and Puerto Rico unde... more
