Principal Security Engineer 1054 views

Job Overview

Principal Security Engineer at Macy’s is a Senior Technologist who oversees architecture strategies for strategic initiatives spanning multiple omnichannel domains and related application systems. The Principal Security Engineers owns the long-term technical vision, roadmaps and is responsible for implementing this vision through the course of enterprise-wide projects by collaborating with the development and business teams. Jointly with development and platform leadership, the Principal Security Engineer will also help develop, promote and govern architecture principles, standards and strategies; coach Development Leads, Application Architects, System Analysts and other technical stakeholders. The Principal Security Engineer is ultimately responsible for the delivery of foundational architecture and other transformational initiatives for a suite of omnichannel systems. They will also mentor and groom others to make them more successful in their jobs.

The primary area of focus for the Principal Security Engineer is to work alongside and in conjunction with the Enterprise Security team and Corporate Information Security Officer, to design and implement security solutions for Macy’s internal IT environment. This Engineer should possess a combination of strong technical knowledge across multiple information security domains and a solid development background. The candidate will partner with engineering teams across Macy’s to design, develop, and implement security solutions to identify and close security gaps for cloud and on-premise environments. This Engineer will be an advocate and practitioner of DevSecOps implementing tools driven and highly automated approach to bake security into developer’s workflow. The candidate will serve as a trust advisor to engineering teams delivering architecture guidance, leading proof of concept evaluations, and assisting in large-scale implementations. This is unique and exciting opportunity to work on and learn about the latest and greatest technologies in cloud and security. Perform other duties as assigned.

Essential Functions

• Provide guidance and subject matter expertise on Infrastructure, Application & Data Security to the Engineering teams across the company.
• Be strategically and closely align to the Corporate Information Security officer, providing guidance, thought leadership and technical expertise to the Enterprise Security team.
• Apply risk-based thinking enabling teams to make the right security decisions and priorities.
• Identify gaps in existing security architecture and design & recommend changes or enhancements.
• Advocate and practitioner of DevSecOps implementing a tool driven and highly automated approach to bake security into developer’s workflow.
• Build robust and easy to use security solutions/patterns for Macy’s global customers.
• Architect security solutions (Website & Platform) that scale and perform in a multi-tenant environment.
• Build tools and automation that enable Macy’s developers to easily consume security services delivered by the security team
• Partner with platform and engineering teams to integrate security controls into continuous integration, delivery and deployment processes
• Build strong relationships with Macy’s technical teams and cultivate a culture of security awareness and ownership
• Trusted advisor to engineering teams delivering architecture guidance, leading proof of concept evaluations, and assisting in large-scale implementations.
• Regular, dependable attendance & punctuality.

Education/Experience

Qualifications:

• Bachelor’s Degree in Computer Science/Engineering and 10 years of experience OR Master’s Degree in Computer Science/Engineering and 8 years of experience.
• 5+ years’ experience in an Information Security position.
• 5+ years of security and authentication related work on web applications and protocols including but not limited to security issues like CSRF etc.
• Stellar Java design and programming skills, having experience with SOAP/XML/WSDL, SAML/OAuth/OpenID, PKI, SSL/OpenSSL.
• Detailed, extensive experience with applied cryptography, Java Security Providers, Java key store, PKI, Certificate Authority.
• Strong foundation and in-depth technical knowledge in security engineering, computer & network security, authentication and security protocols, and applied cryptography.

Familiarity with federated identity and SSO technologies and UNIX security features.

• Deep understanding of web application security – AuthN/AuthZ, user flows, code logic, Java security frameworks.
• Expertise and passion to think 10 steps ahead and identify potential security issues and proactively design and develop solutions.
• Expertise in developing security solutions for data and service exchange across third party vendors, partners and developers.
• Understanding of Software Security Architecture and Design, SDLC and the ability to clearly articulate best practices for application security.
• Experience with public cloud environments and technologies, including Azure, Google Cloud or Amazon Web Services (AWS) and others.
• Experience in DevOps environments and automating security controls into the CI/CD process.
• Experience with Jenkins or other CI tools and knowledge of technologies like containers and microservices.
• Expertise with high-availability distributed systems, across multiple geographic locations.
• Cloud Security experience (on-prem/public).

Communication Skills

• Ability to communicate with high proficiency, both verbally and in writing, with all levels of management and staff, in both technical language and layman’s terms.

Mathematical Skills

• Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.

Reasoning Ability

• Must be able to work independently with minimal supervision.

Physical Demands

• This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking.
• May occasionally involve stooping, kneeling, or crouching.
• May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time.
• Involves manual dexterity for using keyboard, mouse, and other office equipment.
• May involve moving or lifting items under 10 pounds.

Work Hours

• Ability to work a flexible schedule based on department and company needs.

Company Profile

Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.

This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy’s Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.