
Lead Security Engineer - Threat Management and Response

Macy's
102,900-171,700
paid time off, paid holidays, tuition reimbursement, 401(k)
5985 State Bridge Road
Feb 27, 2025

Be part of an amazing story.

Macy's is more than just a store. We're a story. One that's captured the hearts and minds of America for more than 160 years. A story about innovations and traditions...about inspiring stores and irresistible products...about the excitement of the Macy's 4th of July Fireworks, and the wonder of the Thanksgiving Day Parade. We've been part of memorable moments and milestones for countless customers and colleagues. Those stories are part of what makes this such a special place to work.

Job Overview

The Lead Incident Response Security Engineer oversees detection/alerting and response efforts across various platforms. This role drives root cause analysis, assessment of impact, and guidance on automation initiatives to improve the efficiency and effectiveness of the entire Security Operations program. This role involves collaborating with team members to monitor and investigate both routine and escalated security events, assess risk and exposure, and conduct forensic investigations to understand the impact and mitigation. The Lead Incident Response Security Engineer also mentors other engineers, guiding them to manage and resolve multiple incidents simultaneously while prioritizing based on risk.

This is a position for an experienced Security Engineer who will receive minimal supervision from management and will be required to lead and make decisions on day-to-day activities and security initiatives. This position requires good written and oral communication skills to present the results of technical analysis and research of alerting methodologies and automation initiatives. The Lead makes decisions based on security events as they arise, providing final recommendations to management regarding actions taken, incident status, and potential exposure or risks. The Lead Engineer remains actively engaged with management, offering updates and assisting in decision-making related to ongoing security incidents or risk exposure. Additionally, the Lead is responsible for improving and implementing standard operating procedures to increase efficiency. The Lead also participates in proof-of-concept product testing, evaluating how new tools and products can be integrated into daily activities and forensic investigations, and assessing their impact on the team. The Lead has the authority to determine whether a security event is a false positive or a real security incident, mentoring junior engineers in making this assessment.

What You Will Do



  • Respond to escalated security events or incidents, implementing countermeasures to reduce or mitigate further exposure.
  • Perform triage on events reported by various detection devices, filtering out false positives and known accepted activities.
  • Lead and manage security investigations from discovery to resolution, acting as the incident response manager for each security incident.
  • Generate reports to identify trends and provide overall statistics based on correlated security incidents and event data, producing monthly exception and management reports.
  • Mentor, train, and support Level 1 Engineers, helping them grow in their roles.
  • Develop and implement standard operating procedures and processes to streamline investigations, daily monitoring, and analysis. Ensure all analysts are following the same guidelines to maintain consistency and effectiveness.
  • Consistently demonstrate reliable attendance and punctuality.
  • Foster an environment of acceptance and respect that strengthens relationships and ensures authentic connections with colleagues, customers, and communities.
  • In addition to the essential duties mentioned above, other duties may be assigned.


Skills You Will Need



  • 5+ years of direct experience.
  • Experience working with Host Security Event Logs.
  • Working knowledge of Host or Network based Honeypots.
  • Understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
  • Understanding of web application authentication, session management, requests, and form submission processes.
  • Ability to identify common network and web site attacks such as SQL injection, cross-site scripting, remote file inclusion and cookie manipulation.
  • Ability to decode and understand netflow and traffic flow in packet-level traces (skilled with TCPDUMP, PCAPs, traffic generators, etc.).
  • Knowledge or skill to create correlation rules to detect threats.
  • Ability to understand, analyze and correlate security events and implement countermeasures to mitigate intrusion attacks.
  • Experience maintaining security monitoring and reporting appliances, in addition to leading and analyzing security reporting.
  • Experience or working knowledge of various networking devices and/or technologies like routers, switches and aggregators.
  • Experience using or managing SIEM technologies.
  • Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, SSL/encryption and reporting packages.
  • An understanding of a wide array of server-grade applications, including Lotus Notes, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
  • Experience with host-based FIM (File Integrity Monitoring) solutions.
  • Experience or working knowledge of authentication technologies like RADIUS or TACACS.
  • Working knowledge of Two-Factor Authentication solutions.
  • Working knowledge of Intrusion Detection Systems/Technologies.
  • Practices open and continuous communication, values keeping others informed, and presents information in a clear, concise manner.
  • Excellent leadership, facilitation, and interpersonal skills, with the ability to work across functional lines and at many levels.
  • Ability to think creatively, strategically and technically.
  • Ability to work a flexible schedule based on department and Company needs.


Who You Are



  • Candidates with a Bachelor's degree or equivalent work experience in a related field are encouraged to apply. 5+ years of experience in Information Security or an equivalent combination of education and experience.
  • Regularly required to sit, talk, hear; use hands/fingers to touch, handle, and feel. Occasionally required to move about the workplace and reach with hands and arms. Requires close vision.
  • Able to work a flexible schedule based on department and company needs.


What We Can Offer You

Join a team where work is as rewarding as it is fun! We offer a dynamic, inclusive environment with competitive pay and benefits. Enjoy comprehensive health and wellness coverage and a 401(k) match to invest in your future. Prioritize your well-being with paid time off and eight paid holidays. Grow your career with continuous learning and leadership development. Plus, build community by joining one of our Colleague Resource Groups and make a difference through our volunteer opportunities.

Some additional benefits we offer include:



  • Merchandise discounts
  • Performance-based incentives
  • Annual merit review
  • Employee Assistance Program with mental health counseling and legal/financial advice
  • Tuition reimbursement


Access the full menu of benefits offerings here.

About Us

This is a great time to join Macy's! Whether you're helping a customer find the perfect gift, streamlining operations in one of our distribution centers, enhancing our online shopping experience, buying in-style and on-trend merchandise to outfit our customers, or designing a balloon for the Thanksgiving Day Parade, we offer unique opportunities to be part of some of the most memorable moments in people's lives.

Join us and help write the next chapter in our story - Apply Today!

This job description is not all-inclusive. Macy's, Inc. reserves the right to amend this job description at any time. Macy's, Inc. is an Equal Opportunity Employer, committed to a diverse and inclusive work environment.
