Security Engineer Lead

Macy's Johns Creek, GA 30097

Posted 2 months ago

About:
Macy's is proudly America's Department Store. For more than 160 years, Macy's has served generations at every stage of their lives. Customers come to us for fashion, value and celebration. Macy's is also known for giving back to our communities.

Now is an exciting time to join Macy's. The face of retail is changing, and change requires innovation. With endless opportunities, you can begin anywhere and go everywhere at Macy's. Join a team of colleagues who are committed to excellence and leadership development. We want talent like you.

Job Overview:
The Lead Application Security Engineer will be responsible for collaborating closely with application development teams to guide them through security requirements, analyze software designs/architecture/implementations from a security perspective, and serve as a dedicated security resource to identify and assist in proposing solutions to all security matters. The appropriate candidate will have a "hands-on" role working closely with engineering and development teams to solve real problems in ways that meet our security requirements. This will include having experience with security and agile programming best practices and applying them within complex applications and systems. Responsibilities include the application and advocacy of security for Macy's Software Development Life Cycle (SDLC), integration of tools and processes into the CI/CD pipeline and recommending appropriate solutions for keeping Macy's applications secure.

Essential Functions:

  • Work with the lead security engineer within an application development area to ensure that security best practices and internal requirements are met through the entire development lifecycle

  • Perform threat modeling, design reviews and code reviews with a focus on security as part of the development lifecycle

  • Assist with integrating state-of-the-art technology to meet the business needs and interface with business units regarding technical planning and application security topics.

  • Provide guidance in the interpretation of Secure Software Development Lifecycle (S-SDLC) as well as governance of security standards with development teams

  • Assist with proof-of-concept and proof-of-technology testing for integrating new 3rd party security products into the development and deployment processes

  • Build application security in cloud-based and virtualized environments

  • Perform regular security testing, code review, and assist with remediation of identified issues

  • Consult with development and architecture teams on Secure Development methodologies and best practices, including incident response and architecture, PCI certification and other audit and review processes

  • Advise internal customers and evangelize threat modeling, secure design reviews, static code analysis and vulnerability remediation.

  • Applying security controls (PCI-DSS, SOX, HIPAA, ISO) as well as web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth).

Education/Experience:

  • Bachelor's and/or an equivalent combination of education and experience.

  • Should have at least 4 or more years of experience in IT.

  • Experience in application development.

  • Experience building and evaluating enterprise application deployments in cloud, on-prem and hybrid scenarios

  • Demonstrated understanding of core secure coding concepts

  • Familiarity with security testing tools for SAST, DAST, IAST and Pen Testing a plus

  • Experience working in a continuous delivery or DevOps team is a plus

  • Familiarity with security solutions for data and web services

  • Familiarity with agile development principles sufficient to integrate security controls without unnecessarily impeding overall project velocity

  • Demonstrated communications skills with the ability to establish and maintain strong partner relationships

  • Experience designing systems/applications with high level of complexity (e.g. many interfaces, multiple packages, platforms)

  • Experience in software engineering in programming languages such as Java, JavaScript, C, C++, C#, PHP, Objective C

  • Security certifications are a plus e.g. CISSP, CSSLP, etc.
