Macy's is proudly America's Department Store. For more than 160 years, Macy's has served generations at every stage of their lives. Customers come to us for fashion, value and celebration. Now is an exciting time to join Macy's, Inc. The face of retail is changing, and change requires innovation.
Macy's Tech provides modern tools, platforms, and services to all parts of the business. Our team supports millions of customers in connected commerce across the technology hub at Macy's Join our team to help shape the future of E-commerce and set the pace in retail technology. Whether focused on store technology, supply chain tech, application security, merchandising systems, or the mobile app - you'll have opportunities to grow your career while finding meaningful ways to make a difference.
The Staff Threat Intel Engineer will be responsible for monitoring and analyzing threat intelligence from a wide range of sources to determine risk and impact to Macy's. The Threat Intel Engineer shall track remediation and mitigation efforts in addition to disseminating the threat Intel to downstream systems
This position will investigate normal and escalated security events to determine risk and exposure and perform additional forensics investigations to understand impact and mitigation. This position will mentor more junior level Analysts as a technical leader and work closely with them to manage & resolve multiple incidents simultaneously and prioritize based on risks. This position requires the individual to understand vulnerabilities, exploitation, ransomware, threat hunting and incident response to work closely with other colleagues in the threat hunting space, penetration testing and Intel.
The Staff, Threat Intel Engineer should have experience and understanding of multiple security platforms and layers including Anti-virus, Firewalls, Proxy servers, Intrusion Prevention Systems, Logging Correlation/management, Operating systems, Protocols and Incident Response. Perform other duties as assigned.
Daily research and intelligence analysis across multiple sources to understand current risk exposure. Creates reports to display threat trends and overall statistics based on correlated Intel and event data to produce monthly management reports. Responds to escalated security events or incidents and implements countermeasures to reduce and/or mitigate further exposure. The Analyst performs triage on events which are reported by various detection devices to filter out things such as false positives and known accepted activities. Leads and manages security investigations from discovery to resolution and works as an incident response manager for each security incident. Responsible for mentoring, training and support of other Engineers. The Information Security Response Engineers provides 24x7 monitoring of security detection devices in order to detect potential attacks as they occur and to provide information to on previous malicious network attacks. Creates and implements standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research to ensure all analysts are effective and following the same guidelines. Consistently demonstrates regular, dependable attendance and punctuality.
Bachelor's degree and 4+ years of experience in IT or Information Security preferred. Understanding of Incident response methodologies and assist with coordinating security incidents. Perform Open Source Intelligence (OSINT) collection activities, analysis, reporting. Monitor internal and external cyber threat sources for new threats and/or exploitation techniques and determine the impact to Macy's. Deep knowledge and experience with MITRE ATT&CK or NIST Cyber Security framework Working experience with Threat Intel Platforms like MISP and ThreatConnect Ability to identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation. Advanced Experience in gathering, assessing and distributing threat intelligence Ability to perform IDS/IPS Real Time monitoring analysis and/or network forensics. Knowledge or skill to create correlation rules to detect threats. Ability to understand, analyze and correlate security events and implement counter-measures to mitigate against intrusion attacks. Maintaining security monitoring and reporting appliances in addition to leading and analyzing security reporting. Have experience with using or managing SIEM technologies (ELK/LogRhythm). Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, TLS/encryption and reporting packages. An understanding of a wide array of server grade applications to include Office 365, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others. Experience with a host based FIM (File Integrity Monitoring) solutions and a working knowledge of VPN Remote Access Technologies. Experience or working knowledge of Authentication technologies like Radius or Tacacs. Working knowledge of Two-Factor Authentication solutions. Working knowledge of Intrusion Detection/Prevention Systems.
Excellent written and verbal communication skills. Ability to create detailed and/or focused documentation, reports or standard procedures. Instructs users on advanced features/functions of business and multiple applications software. Writes clear problem descriptions and instructions to aid other individuals or groups in problem duplication and resolution.
Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.
Must be able to work independently with minimal supervision and make sound decisions. Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards. Understanding of web applications authentication, session management, requests, form submission processes.
This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking. May occasionally involve stooping, kneeling, or crouching. May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time. Involves manual dexterity for using keyboard, mouse, and other office equipment. May involve moving or lifting items under 10 pounds.
Ability to work a flexible schedule based on department and company needs.
This job description is not all-inclusive, and Macy's Inc. reserves the right to amend this job description at any time. Macy's Inc. is an Equal Opportunity Employer and is committed to a diverse and inclusive work environment. Candidates for positions in San Francisco ONLY can review their rights and the Company's obligations under SFPC Art. 49 here. Candidates for positions in Los Angeles ONLY can review their rights and the Company's obligations under LA MC Ch. XVIII Art. 9 here. Candidates for positions in Philadelphia ONLY can review their rights and the Company's obligations under PC Ch. 9-3500 here.