Job DescriptionJob OverviewThe Staff, Vulnerability Engineer is a specialist in Penetration Testing and Information Security Vulnerability Management. This hands-on role involves conducting penetration tests and vulnerability assessments on complex applications, operating systems, and wired and wireless networks. In response to an ever-changing threat landscape, they establish a proactive program to assess Macy's resilience against real-world tactics, techniques, and procedures (TTPs).
What You Will Do- Establish a risk-based approach for evaluating and prioritizing new and emerging threats.
- Stay current on emerging technology trends and the threat landscape, providing subject matter knowledge on specific adversarial threats and risks to assist with mitigation strategies.
- Design, coordinate, and lead simulations based on organizationally defined threat scenarios.
- Participate in reviewing and developing security strategies, best practices, policies, and procedures.
- Provide leadership, share knowledge, and mentor team members.
- Build working relationships with Macy's TMRC, leadership, and third parties to identify top threats.
- Develop standard Rules of Engagement for real-time testing.
- Document detailed findings, analysis, and recommendations.
Skills You Will NeedRegulatory Compliance: Strong knowledge of regulatory compliance requirements, including PCI-DSS, SOX, and GLBA.
Security Infrastructure: Advanced knowledge in security infrastructure design and architecture for both new implementations and existing infrastructure.
Enterprise Security: Experience in designing and implementing enterprise-wide security strategies, policies, and standards.
Threat Protection: Experience protecting large enterprise environments from internal and external attacks.
Vulnerability Management: Strong understanding of network, physical, application, and web security as it relates to vulnerability management. Advanced knowledge of common vulnerabilities, testing approaches, and remediation strategies.
Security Technologies: Expert understanding of current and emerging security technologies, defense strategies, and industry standards. Ability to determine and recommend security-related products and activities, influencing decision-making processes.
Interpersonal Skills: Advanced leadership, facilitation, and interpersonal skills to work across functional lines and at various levels.
Communication: Excellent written and verbal communication skills, with the ability to read, write, and interpret instructional documents.
Certifications: One or more certifications such as CISSP, OSCP, OSCE, OSWE, etc.
Who You Are- This role involves performing essential job functions such as communication, collaboration, and use of office and computer systems. Responsibilities include the ability to access and review written and electronic information, and to move within the work environment and interact with workplace materials as needed to carry out job responsibilities.
What We Can Offer You- An inclusive, challenging, and refreshingly fun work environment
- Competitive pay and benefits rooted in principles of equity
- Performance incentives and annual merit review
- Merchandise discounts
- Health and Wellness Benefits across medical, dental, vision, and additional insurance
- Retirement Savings Plan with 401k match opportunity
- Employee Assistance Program (mental health counseling and legal/financial advice)
- Resources for continuous learning, career growth, and leadership development
- 8 paid holidays
- Paid Time Off (first year prorated depending on start date)
- Tuition reimbursement program
- Colleague Resource Groups (CRGs) and give-back/volunteer opportunities
- Empowerment and autonomy to perform impactful work with tangible results