Sr Engineer, Information Security

About The Position

Requirements

• Bachelor’s degree in Computer Science, CIS, Engineering, Cybersecurity, or related field, or equivalent years of experience in lieu of education requirement, if applicable
• 5 years of experience in technology system support, software development, or a related field
• 2 years of experience with information security applications and systems.
• 2 years of experience in IAM or Vulnerability Management.
• 2 years of scripting experience using Python, JavaScript, and Node.js

Nice To Haves

• Master’s degree in Computer Science, CIS, Business Administration, or related field
• 3 years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
• 1 year of DevOps experience
• 3 years of experience evaluating entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities
• 3 years of experience in the custom enhancement or development of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities
• 5 years of IT experience developing and implementing business systems within an organization
• 5 years of experience working with defect or incident tracking software
• 5 years of experience writing technical documentation in a software development environment
• 3 years of experience working with an IT Infrastructure Library (ITIL) framework
• 3 years of experience leading teams, with or without direct reports
• 5 years of experience working with source code control systems
• Experience working with Continuous Integration/ Continuous Deployment tools
• Experience with Cloud technologies
• PCI ISA OSCP GPen

Responsibilities

• Lead the design, construction, and enhancement of advanced cybersecurity platforms, leveraging expert-level scripting methodologies and custom code development to ensure superior security infrastructure and resilience.
• Lead the implementation and maintenance of assigned information security solutions to ensure successful deployment and operation; develops and documents detailed standards (e.g., guidelines, processes, procedures)
• Assist the Information Security team in monitoring security systems, reviewing logs, and managing information security systems.
• Collaborate with other technology teams, including Engineering, to design and implement remediation solutions.
• Identifies reports and provides assistance during information security incidents as part of an Incident Response Team; reviews and responds to security alerts to investigate malicious activity.
• Support evaluation of new security technologies that address both current and future needs based on emerging threats and industry trends
• Keep up to date with exploits relevant to the retail sales environment.
• Solve complex architecture/design and business problems; solutions are extensible; works to simplify, optimize, remove bottlenecks, etc.
• Provide mentoring and guidance to more junior-level engineers; may provide feedback and direction on specific engineering tasks.
• Respond to escalated security issues for enterprise systems; facilitates advanced diagnosis and troubleshooting when necessary.
• Provide input into security breach response procedures; helps lead security breach response activities.
• Lead break/fix activities, escalating problems to senior management and/or vendors as appropriate.
• Analyze the output of industry-standard cybersecurity tools and identify remediations to reduce risk and exposure of applications.
• Complete custom enhancements of applications using secure coding techniques to reduce the threat of remote or local vulnerabilities
• Evaluate entire applications (Container, Infrastructure, host platform) to identify potential threats and vulnerabilities.
• Design, build, and enhance automated security services and internal platforms, using advanced scripting and software engineering practices to improve the accuracy, efficiency, and scalability of security capabilities across the enterprise.
• Lead implementation and ongoing maintenance of DevSecOps-driven security solutions, ensuring they are well-documented, reliable, and aligned with enterprise standards, guidelines, and operational practices.
• Develop API integrations, data pipelines, and automated workflows that collect, normalize, and present security data to partner teams, enabling measurable and actionable security insights.
• Collaborate closely with security and engineering teams to translate requirements into practical, automated solutions—often supporting teams without development expertise by engineering tools and processes on their behalf.
• Maintain and enhance internal applications, including an Express.js–based platform, ensuring secure coding practices, high availability, and effective data handling.
• Support incident response activities by providing engineering expertise, tool automation, and data enrichment that improve investigation and remediation accuracy.
• Evaluate emerging security technologies, automation tools, and engineering approaches to address current and future security needs; participates in technical proofs of concept and adoption planning.
• Identify opportunities to simplify or optimize existing security workflows, removing bottlenecks and improving the reliability and consistency of automated security processes.
• Provide technical mentorship and guidance to junior engineers on the DevSecOps team, particularly in automation, scripting, and secure development techniques.
• Respond to escalations relating to the team’s automation services and internal applications, performing advanced troubleshooting and coordinating with partner teams or vendors when necessary.
• Analyze outputs from security tools and data sources—such as vulnerability, configuration, or access management systems—to identify systemic issues and develop automated remediation or reporting solutions.
• Review applications, containers, and supporting infrastructure components to identify vulnerabilities and misconfigurations; contribute engineering solutions that reduce risk exposure through automation rather than manual processes.