Security Engineer (Hybrid in Irvington, NY)
- Eileen Fisher (Irvington, NY)
This is a hybrid role with 1-3 days in the office in Irvington, NY. We are seeking candidates who will not require sponsorship now or in the future.
We are seeking a Security Engineer to join our team and protect the systems, networks, and data essential to our business. In this position, you will focus on securing our corporate IT infrastructure, maintaining regulatory compliance, and ensuring the safety of our e-commerce platforms.
Dimensions and Contacts
Internal Collaboration
The Security Engineer collaborates extensively with various cross-functional teams within the organization. These include IT Operations, Network Engineering, Software Development, Cloud Infrastructure, and Governance, Risk, and Compliance (GRC). In this capacity, the Security Engineer offers technical security guidance, supports project teams during the solution design phase, and works directly with system owners to implement secure configurations and controls.
Business Stakeholders
This role involves frequent interaction with product managers, business analysts, and departmental leaders to fully understand business requirements. The Security Engineer assesses the potential security impacts of business initiatives and communicates related risks in clear and actionable terms, ensuring all stakeholders remain informed and engaged.
Security and Incident Response
The Security Engineer coordinates closely with the Cybersecurity team, Security Operations Center (SOC) analysts, and incident responders during threat investigations, vulnerability remediation, and security events. The individual may also serve as a technical escalation point for security-related issues, providing expertise and leadership during critical incidents.
External Contacts
Interaction with external parties is a key aspect of this role. The Security Engineer engages with vendors, managed service providers, penetration testers, and auditors to evaluate new technologies, validate security controls, and support both security assessments and compliance activities for the organization.
Cross-Organizational Influence
The Security Engineer plays an influential role across the enterprise by providing security training, raising awareness, and offering consultation to various teams. Additionally, the individual contributes to architectural decisions and participates in the development of security policies and standards.
Summary of Responsibilities
+ Ensure that Eileen Fisher, Inc. consistently upholds PCI compliance across both retail and e-commerce channels.
+ Establish protection goals, objectives, and metrics in alignment with the corporate strategic plan and IT governance requirements. Lead the annual risk assessment and policy review processes.
+ Work with 3rd-party providers and vendors to configure, monitor, and optimize Web Application Firewalls (WAFs) to protect e-commerce and customer-facing websites.
+ Direct the development, implementation, and maintenance of IT security policies, standards, and procedures to support ongoing security efforts.
+ Provide day-to-day management for operational security responsibilities, including network, email, endpoint, application systems security, and system access controls.
+ Supervise incident response activities and investigations of security breaches, ensuring the appropriate dissemination of information related to such events.
+ Oversee patch management and additional security operations functions, including sensitive data handling and certificate management.
+ Review and analyze data from various security logging systems, scanners, and tools to identify potential threats and incidents.
+ Collaborate with IT infrastructure and application teams to embed security best practices within development and deployment workflows.
+ Maintain comprehensive security documentation, encompassing policies, standards, and procedures.
+ Design, implement, and sustain security technologies, tools, and processes (e.g., IDS/IPS, honeypot, SIEM, endpoint protection)
PERFORMS OTHER RELATED DUTIES AND ASSIGNMENTS AS REQUIRED.
Required Skills
Required Experience
+ Minimum of 3-5 years of experience with managing all aspects of PCI Compliance
+ Experience with e-commerce security, including securing payment gateways, APIs, and customer data
+ Knowledge of web application security (OWASP Top 10, WAF, bot mitigation)
+ Experience configuring and managing honeypots, IDS/IPS, and endpoint protection
+ Familiarity with cloud security (AWS IAM, Microsoft Defender, Azure Defender, GCP Security Command Center)
+ Conducting penetration testing, vulnerability management, and remediation.
+ Experience with identity and access management (IAM) and SSO/MFA integrations (Okta, Azure AD)
+ Strong understanding of encryption, TLS/SSL, PKI, and key management.
+ Scripting/automation skills in Python, Bash, or PowerShell.
+ Hands-on experience with SIEM solutions
+ Experience with securing AWS and Linux environments, preferably in a regulated environment subject to HIPAA or PCI-DSS
+ An automation-first mindset
+ Preferred certifications include:
o PCIP
o Security+ or SSCP
o Firewall/network
o Cloud security certification
Education: Bachelor's degree or equivalent experience.
The salary range for this position is $80,000 - $100,000/year depending on relevant experience. We offer a competitive total package, including health benefits, generous paid time off, wellness reimbursement, etc.
EILEEN FISHER, Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status.