Senior Application Security Engineer
Macy's Inc. - Johns Creek, Georgia
Job Overview:
The Sr. Application Security Engineer will work closely with engineers, architects and senior management to standardize application security strategies appropriate for Macy’s application development teams. Responsibilities include consulting on S-SDLC (Secure Software Development Life Cycle), evaluating potential security solution vendors, and recommending appropriate strategies for keeping our applications secure. This is a hands-on role working closely with engineering teams to solve real problems in ways that meet our security requirements. The successful candidate will be able to work collaboratively and effectively with a wide range of engineering teams using technologies ranging from mainframe development to web and mobile applications. Perform other duties as assigned.
Essential Functions:
• Provide guidance in the development and interpretation of Security Software Development Lifecycle (S-SDLC) as well as governance of security standards with business partners.
• Consult with development and architecture teams on Secure Development methodologies and best practices.
• Stay up-to-date on the evolving threat landscape and provide updates and recommendations on emerging technologies specifically relevant to our business.
• Advise internal customers and evangelize threat modeling, secure design reviews, static code analysis and vulnerability remediation.
• Applying security controls (PCI-DSS, SOX, HIPAA, ISO) as well as web application security topics such as OWASP Top 10, CWE Top 25, and authentication infrastructure (SAML, OAuth).
• Evaluate and deploy application security tools in a DevOps environment.
• Building application security in cloud-based and virtualized environments.
• Participate in PCI certification and other audit and review processes.
• Participate in incident response and architecture review processes.
• Regular, dependable attendance and punctuality.
Qualifications:
Education/Experience:
• B.S. Computer Science, Software Engineering or equivalent experience.
• 5 years of hands-on coding experience in application engineering with a demonstrated understanding of core secure coding concepts.
• Experience with implementing automated testing. Familiarity with security testing tools for SAST, DAST, IAST, RASP and Pen Testing a plus.
• Experience working in a continuous delivery or devops team a plus.
• Familiarity with federated identity and SSO technologies and Unix security features.
• Expertise with security solutions for data and web services.
• Familiarity with agile development principles sufficient to integrate security controls without unnecessarily impeding overall project velocity.
• Demonstrated ability to establish and maintain strong partner relationships.
• Certification in information systems security, or willingness to obtain certifications.
• Demonstrated software engineering experience in programming languages such as Java, JavaScript, C, C , C#, PHP, Objective C.
• Experience with Mainframes and COBOL a plus.
• Curiosity, openness to new ideas and a willingness to learn and adapt are essential for success in this role.
Communication Skills:
• Excellent written and verbal communication skills.
• Must be able to effectively discuss security-related topics with technical and non-technical audiences.
Reasoning Ability:
• Must be able to work independently with minimal supervision.
• Must be comfortable working in a fast evolving field; this position requires the ability to quickly absorb new information and concepts, and develop a working understanding of new technologies on a regular and ongoing basis.
Work Hours:
• Ability to work a flexible schedule based on department and store/company needs.
Company Profile:
Macy’s Inc. is one of the nation’s premier retailers. With fiscal 2016 sales of $25.778 billion and approximately 140,000 employees, the company operates more than 700 department stores under the nameplates Macy’s and Bloomingdale’s, and approximately 125 specialty stores that include Bloomingdale’s The Outlet, Bluemercury and Macy’s Backstage. Macy’s, Inc. operates stores in 45 states, the District of Columbia, Guam and Puerto Rico, as well as macys.com, bloomingdales.com and bluemercury.com. Bloomingdale’s stores in Dubai and Kuwait are operated by Al Tayer Group LLC under license agreements. Macy’s, Inc. has corporate offices in Cincinnati, Ohio and New York, New York.
This job description is not all inclusive. Macy’s Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.
Unable to retrieve job information. This job may not be available anymore. Sorry for the inconvenience. Posted: 30+ days ago
About Macy's Inc.
Macy's, Inc., with corporate offices in Cincinnati and New York, is one of the nation's premier retailers, with fiscal 2015 sales of $27.079 billion. The company operates about 870 stores in 45 states, the District of Columbia, Guam and Puerto Rico unde... more
