Lead Security Engineer - Threat Management and Response (Remote)

Johns Creek, GA, United States


Bring Your Amazing Self to Work

At Macy's, Inc. we're on a mission to create a brighter future with bold representation for all. This is our Mission Every One. We know that each person here is unique. So we respect and invest in each individual to create growth, pride, and satisfaction. If we are able to bring our whole selves to work, it translates into a more abundant and wider array of ideas and energy for all to benefit from. Our success will be built on amazing colleagues, working together.

Job Overview

The Lead Incident Response Security Engineer oversees detection, alerting, and response efforts across various platforms. The role drives root cause analysis, impact assessment, and guidance on automation initiatives that improve the efficiency and effectiveness of the entire Security Operations program. It involves collaborating with team members to monitor and investigate both routine and escalated security events, assess risk and exposure, and conduct forensic investigations to determine impact and mitigation. The Lead Incident Response Security Engineer also mentors other engineers, guiding them to manage and resolve multiple incidents simultaneously while prioritizing based on risk.

This is a position for an experienced Security Engineer who will receive minimal supervision from management and will be required to lead and make decisions on day-to-day activities and security initiatives. The position requires strong written and oral communication skills to present the results of technical analysis and of research into alerting methodologies and automation initiatives. The Lead makes decisions on security events as they arise, providing final recommendations to management regarding actions taken, incident status, and potential exposure or risk. The Lead Engineer remains actively engaged with management, offering updates and assisting in decision-making related to ongoing security incidents or risk exposure. Additionally, the Lead is responsible for improving and implementing standard operating procedures to increase efficiency. The Lead also participates in proof-of-concept product testing, evaluating how new tools and products can be integrated into daily activities and forensic investigations and assessing their impact on the team. The Lead has the authority to determine whether a security event is a false positive or a real security incident, and mentors junior engineers in making this assessment.

What You Will Do

  • Respond to escalated security events or incidents, implementing countermeasures to reduce or mitigate further exposure.
  • Perform triage on events reported by various detection devices, filtering out false positives and known accepted activity.
  • Lead and manage security investigations from discovery to resolution, acting as the incident response manager for each security incident.
  • Generate reports to identify trends and provide overall statistics based on correlated security incidents and event data, producing monthly exception and management reports.
  • Mentor, train, and support Level 1 Engineers, helping them grow in their roles.
  • Develop and implement standard operating procedures and processes to streamline investigations, daily monitoring, and analysis. Ensure all analysts are following the same guidelines to maintain consistency and effectiveness.
  • Consistently demonstrate reliable attendance and punctuality.
  • In addition to the essential duties mentioned above, other duties may be assigned.

Skills You Will Need

  • 5+ years of direct experience.
  • Experience working with host security event logs.
  • Working knowledge of host- or network-based honeypots.
  • Understanding and working knowledge of regulatory and audit mandates (PCI, FFIEC, SOX) and corporate standards, and of how to keep environments compliant with them.
  • Understanding of web application authentication, session management, requests, and form submission processes.
  • Ability to identify common network and web attacks such as SQL injection, cross-site scripting, remote file inclusion, and cookie manipulation.
  • Ability to decode and interpret NetFlow and packet-level traffic traces (skilled with tcpdump, PCAPs, traffic generators, etc.).
  • Ability to create correlation rules to detect threats.
  • Ability to understand, analyze, and correlate security events and implement countermeasures to mitigate intrusion attempts.
  • Experience maintaining security monitoring and reporting appliances, in addition to leading and analyzing security reporting.
  • Experience or working knowledge of networking devices and technologies such as routers, switches, and aggregators.
  • Experience using or managing SIEM technologies.
  • Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, SSL/TLS encryption, and reporting packages.
  • Understanding of a wide array of server-grade applications, including Lotus Notes, Exchange, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
  • Experience with host-based FIM (File Integrity Monitoring) solutions.
  • Experience or working knowledge of authentication technologies such as RADIUS or TACACS.
  • Working knowledge of two-factor authentication solutions.
  • Working knowledge of intrusion detection systems and technologies.
  • Practices open and continuous communication, keeps others informed, and presents information clearly and concisely.
  • Excellent leadership, facilitation, and interpersonal skills, with the ability to work across functional lines and at many levels.
  • Ability to think creatively, strategically, and technically.
  • Ability to work a flexible schedule based on department and Company needs.
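Two of the items above, writing correlation rules to detect threats and triaging out false positives and known accepted activity, are easier to picture with a concrete rule. The following is an added example, not part of the Macy's posting, of a minimal correlation rule in Python run over constructed Windows-style authentication events. Event IDs 4625 and 4624 are the real Windows Security log IDs for failed and successful logons; the host names, user names, IP addresses, and the scanner allowlist entry are made up for the example. The rule fires when an account sees a burst of failures from one source within a time window followed by a success from that same source, unless the source is on the accepted-activity list.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Constructed sample events (not real logs). Event IDs follow the Windows
# Security log: 4625 = failed logon, 4624 = successful logon.
SAMPLE_EVENTS = """
2024-05-01T09:00:00Z host=WS07 event=4625 user=jdoe src=192.0.2.10
2024-05-01T09:00:01Z host=WS07 event=4625 user=jdoe src=192.0.2.10
2024-05-01T09:00:02Z host=WS07 event=4625 user=jdoe src=192.0.2.10
2024-05-01T09:00:03Z host=WS07 event=4625 user=jdoe src=192.0.2.10
2024-05-01T09:00:04Z host=WS07 event=4625 user=jdoe src=192.0.2.10
2024-05-01T10:00:01Z host=WS01 event=4625 user=jsmith src=203.0.113.7
2024-05-01T10:00:02Z host=WS01 event=4625 user=jsmith src=203.0.113.7
2024-05-01T10:00:03Z host=WS01 event=4625 user=jsmith src=203.0.113.7
2024-05-01T10:00:04Z host=WS01 event=4625 user=jsmith src=203.0.113.7
2024-05-01T10:00:05Z host=WS01 event=4625 user=jsmith src=203.0.113.7
2024-05-01T10:00:30Z host=WS01 event=4624 user=jsmith src=203.0.113.7
2024-05-01T10:02:00Z host=SRV03 event=4625 user=svc_backup src=10.0.9.5
2024-05-01T10:02:01Z host=SRV03 event=4625 user=svc_backup src=10.0.9.5
2024-05-01T10:02:02Z host=SRV03 event=4625 user=svc_backup src=10.0.9.5
2024-05-01T10:02:03Z host=SRV03 event=4625 user=svc_backup src=10.0.9.5
2024-05-01T10:02:04Z host=SRV03 event=4625 user=svc_backup src=10.0.9.5
2024-05-01T10:02:20Z host=SRV03 event=4624 user=svc_backup src=10.0.9.5
2024-05-01T10:05:00Z host=WS02 event=4625 user=mlee src=198.51.100.4
2024-05-01T10:05:03Z host=WS02 event=4625 user=mlee src=198.51.100.4
2024-05-01T10:05:10Z host=WS02 event=4624 user=mlee src=198.51.100.4
2024-05-01T10:20:00Z host=WS07 event=4624 user=jdoe src=192.0.2.10
""".strip().splitlines()

# Assumed "known accepted activity": an authorized credential scanner that is
# expected to generate failed logons. Tuning it out is the false-positive step.
ACCEPTED_SOURCES = frozenset({"10.0.9.5"})


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict with a UTC datetime."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ev


def correlate(lines, threshold=5, window=timedelta(minutes=10), accepted=ACCEPTED_SOURCES):
    """Return alerts for (user, src) pairs with >= threshold failures inside
    `window` that end in a successful logon from the same source."""
    events = sorted((parse_event(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    failures = defaultdict(deque)  # (user, src) -> timestamps of recent 4625s
    alerts = []
    for ev in events:
        key = (ev["user"], ev["src"])
        recent = failures[key]
        # Age out failures that fell outside the sliding window.
        while recent and ev["ts"] - recent[0] > window:
            recent.popleft()
        if ev["event"] == "4625":
            recent.append(ev["ts"])
        elif ev["event"] == "4624":
            if ev["src"] not in accepted and len(recent) >= threshold:
                alerts.append({
                    "user": ev["user"],
                    "src": ev["src"],
                    "host": ev["host"],
                    "failures": len(recent),
                    "first_failure": recent[0].isoformat(),
                    "success": ev["ts"].isoformat(),
                })
            recent.clear()  # a success resets the burst either way
    return alerts


if __name__ == "__main__":
    for alert in correlate(SAMPLE_EVENTS):
        print(alert)
```

In the sample, only jsmith from 203.0.113.7 fires: svc_backup is suppressed by the allowlist, mlee never reaches the threshold, and jdoe's failures are too old to fall inside the window by the time the success arrives. Lowering `threshold` or emptying `accepted` shows how a rule's tuning, not just its logic, decides what reaches an analyst.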

Who You Are

  • Dedicated to fulfilling ideals of diversity, inclusion, and respect that Macy’s aspires to achieve every day in every way.
  • Candidates with a Bachelor’s degree or equivalent work experience in a related field are encouraged to apply. 5+ years of experience in Information Security or an equivalent combination of education and experience. 
  • Regularly required to sit, talk, hear; use hands/fingers to touch, handle, and feel. Occasionally required to move about the workplace and reach with hands and arms. Requires close vision.
  • Able to work a flexible schedule based on department and company needs.

What We Can Offer You

  • An inclusive, challenging, and refreshingly fun work environment
  • Competitive pay and benefits rooted in principles of equity
  • Performance incentives and annual merit review
  • Merchandise discounts
  • Health and Wellness Benefits across medical, dental, vision, and additional insurance
  • Retirement Savings Plan with 401k match opportunity
  • Employee Assistance Program (mental health counseling and legal/financial advice)
  • Resources for continuous learning, career growth, and leadership development
  • 8 paid holidays
  • Paid Time Off (first year prorated depending on start date)
  • Tuition reimbursement program
  • Colleague Resource Groups (CRGs) and give-back/volunteer opportunities
  • Empowerment and autonomy to perform impactful work with tangible results

About Macy's

Now is an exciting time for a Macy's career as we continue to focus on creating exciting and memorable experiences for every Macy's customer, whether their journey starts online or in the store. Our opportunities in Sales, Merchandise, Operations, Customer Service, Warehouse, Marketing, and other areas let you express your creativity and commitment to excellence, grow your career and make a difference to your Macy's colleagues and customers.

Bring your creativity, energy, and ideas to the Macy's team – Apply Today!
