Senior, Security Engineer - Cloud Security

Job Overview

The Senior, Security Engineer reviews, develops, and manages security solutions to reduce risk for Macy's, Inc. This role actively engages with management to provide timely updates and clear status, enabling informed decisions related to security risk exposure and operational stability.

• Translate business requirements into well-engineered, tested, and deployed application systems; provide ongoing production support.
• Partner with internal customers to identify efficient, cost-effective solutions and lead the design, development, testing, installation, and deployment of software applications.
• Develop solutions using a variety of software technologies, including new code development, enhancements to existing modules, configuration, and package implementation.
• Contribute to the development of new systems and applications for moderate to small projects with higher technical complexity, working from functional specifications.
• Perform coding and configuration in accordance with documented requirements, using standard procedures and best practices.
• Monitor the performance and operational efficiency of existing application systems and coordinate proactive maintenance.
• Review, analyze, and modify application systems, including coding, testing, debugging, and deployment for large-scale environments.
• Maintain accurate documentation of program development, changes, and revisions.
• Provide technical support and lead effective problem resolution for customer inquiries and production issues.
• Collaborate with technical leads across network, server, and application teams, as well as field services, project managers, data center operations, and subject matter experts, to integrate security controls into a cohesive, risk-mitigating architecture.
• Apply strong critical-thinking skills to assess issues, evaluate options, and drive sound technical decisions.
• Mentor and coach Security Analysts, providing guidance and expertise to support their development.
• Work closely with managed service providers and delivery, vulnerability, and incident response teams.
• Participate in on-call and change management rotations.
• Demonstrate consistent, dependable attendance and punctuality.
• Foster an environment of acceptance and respect that strengthens relationships, and ensures authentic connections with colleagues, customers, and communities.
• In addition to the essential duties mentioned above, other duties may be assigned.

Vulnerability Management & Risk Mitigation: Proven experience identifying, analyzing, and correlating technical vulnerabilities, implementing effective countermeasures, and remediating findings through patching or mitigation strategies.

Secure Software Development: Ability to translate business requirements into well-engineered, tested, and deployed application systems, applying secure coding best practices (including OWASP Top Ten) and enhancing existing modules or configurations.

Web & Network Security: Strong knowledge of TCP/IP, HTTP/HTTPS, cookies, SSL/encryption, authentication, session management, web servers (IIS, Apache), DNS, SMTP, LDAP, SQL, and server-grade applications.

Incident Response & Fraud Prevention: Experience defending web applications and e-commerce platforms from attacks such as DDoS, account takeover, gift card fraud, and checkout fraud, while coordinating with vulnerability and incident response teams.

Systems Monitoring & Operational Support: Skilled at monitoring performance and operational efficiency of application systems, performing proactive maintenance, and providing production support for complex environments.

Risk Assessment & Architecture: Ability to assess security risks across computer systems and applications, apply best practices, and contribute to secure, scalable architecture decisions.

Analytical & Problem-Solving

Skills:

Strong critical-thinking skills to evaluate complex issues, drive technical decisions, and provide effective solutions to production and customer-facing problems.

Documentation & Communication: Ability to create detailed technical documentation, write clear problem descriptions and instructions, and communicate effectively with cross-functional teams and leadership.

Leadership & Mentorship: Experience mentoring and coaching Security Analysts, providing guidance to support their professional growth, and leading security programs across functional teams.

Collaboration & Cross-Functional Partnership: Proven ability to work with network, server, application teams, field services, project managers, and service providers to integrate security controls into cohesive, risk-mitigating solutions.

Project Management & Strategic Thinking: Ability to manage multiple projects, handle conflicting responsibilities, think creatively and strategically about security architecture, and implement tactical security solutions aligned with organizational strategy.

• Candidates with a bachelor's degree or equivalent work experience in a related field are…