Staff Security Engineer - Cyber Security

Macy's•Johns Creek, GA

About The Position

Macy’s is seeking a Staff Information Security Engineer to join its Cloud Security team. This position plays a pivotal role in designing, implementing, and operating secure solutions across the enterprise. As a recognized technical leader, the engineer will provide guidance on information security concepts, ensuring that Macy’s systems and processes align with business objectives while maintaining a strong security posture. The role involves leading security planning, assessment, testing, and implementation activities, as well as documenting standards, policies, and procedures. The engineer will mentor team members, coordinate resources, and define configuration and operational requirements for security projects. Collaboration with Infrastructure, divisional, and Domain management is central, as is providing technical leadership to Platform & Development teams. The ideal candidate is curious, creative, and tenacious, with a passion for cloud security and continuous learning. They will drive improvements in visibility, manageability, and resilience of Macy’s GCP and Azure platforms, while sharing knowledge and fostering growth across the team. This is an opportunity to make a meaningful impact on Macy’s security landscape and contribute to the future of secure, innovative cloud solutions.

Requirements

Deep knowledge of enterprise security architectures, technologies, protocols, and configurations; ability to assess system vulnerabilities, design secure solutions, and guide implementation aligned with business needs.
Proficient in evaluating risks, conducting vulnerability analyses, interpreting complex technical data, and generating clear, actionable risk statements to strengthen the company’s security posture.
Strong ability to lead complex security initiatives, define scope and deliverables, coordinate resources, manage timelines, drive stakeholder alignment, and ensure successful project completion.
Excellent written and verbal communication skills, with the ability to articulate technical concepts to non-technical audiences, influence decision-making, and represent leadership in meetings, briefings, and executive updates.
Comprehensive understanding of large-scale enterprise systems—including cloud, mobile, wireless, messaging, directory services, DNS, databases, collaboration tools, virtualization, and multiple operating systems - to ensure secure design and operations.
Ability to evaluate vendors, tools, and methodologies; recommend technology investments; identify resource needs; and contribute meaningfully to security strategy, standards, and policies.
Skilled at coaching and developing junior associates, providing guidance on technical standards, best practices, and problem-solving approaches.
Expert-level troubleshooting and analytical skills, including the ability to resolve high-complexity issues, synthesize data trends, and provide escalation support to primary technical teams.
Demonstrated ability to manage multiple projects, balance competing priorities, and adjust to evolving business and security needs while maintaining high-quality outcomes.
Strong initiative and ownership mindset, with a commitment to driving secure solutions, improving processes, and ensuring the effective delivery of security programs.

Nice To Haves

Candidates with a Bachelor’s degree or equivalent work experience in a related field are encouraged to apply.
7+ years of direct experience.
Regularly required to sit, talk, hear; use hands/fingers to touch, handle, and feel. Occasionally required to move about the workplace and reach with hands and arms. Requires close vision.
Able to work a flexible schedule based on department and company needs.

Responsibilities

Partner with Development and Platform teams to assess needs, identify security gaps, and translate requirements into secure specifications.
Define security architectures, standards, and compliance requirements; conduct vulnerability analyses and risk assessments; and implement preventive, detective, and reactive measures.
Lead security initiatives and project teams by managing scope, objectives, deliverables, and stakeholder expectations, ensuring successful execution.
Drive a “security as code” approach by building and maintaining Terraform Policy as Code modules, developing self service workflows, and embedding security earlier in the development lifecycle (“shift left”).
Continuously improve the security posture baseline by defining metrics, conducting assessments, and creating response plans.
Mentor and coach Security Analysts, providing guidance and expertise to support their professional growth.
Collaborate closely with managed service providers, vulnerability management, and incident response teams to strengthen operational resilience.
Provide expert level support for complex security issues and ensure consistent, accurate documentation of standards, configurations, and procedures.
Participate in on call and change rotations to support ongoing operations.
Demonstrate regular, dependable attendance and punctuality to ensure consistent delivery.
In addition to the essential duties mentioned above, other duties may be assigned.

Benefits

Comprehensive health and wellness coverage
401(k) match
Paid time off
Eight paid holidays
Continuous learning and leadership development
Merchandise discounts
Performance-based incentives
Annual merit review
Employee Assistance Program with mental health counseling and legal/financial advice
Tuition reimbursement