Security Engineer Lead - Threat Hunting

Country : USA

State : Georgia

County : Fulton County

Town : Johns Creek

Category : Logistics

Contract type : Permanent

Availability : Full time

Company presentation

Macy's is proudly America's Department Store. For more than 160 years, Macy's has served generations at every stage of their lives. Customers come to us for fashion, value and celebration. Now is an exciting time to join Macy's, Inc. The face of retail is changing, and change requires innovation.
Macy's Tech provides modern tools, platforms, and services to all parts of the business. Our team supports millions of customers in connected commerce across the technology hub at Macy's. Join our team to help shape the future of e-commerce and set the pace in retail technology. Whether focused on store technology, supply chain tech, application security, merchandising systems, or the mobile app, you'll have opportunities to grow your career while finding meaningful ways to make a difference.
Job Overview
The Lead, Threat Hunter will monitor and investigate normal and escalated security events to determine risk and exposure, and will perform additional forensic investigations to understand impact and mitigation. This position will actively hunt within our tools for TTPs used by threat actors in order to detect malicious activities or events. The role works side by side with our Lead Threat Intel engineers, Staff Threat Hunter, Incident Response and Vulnerability teams to analyze and examine new threats and assess the risk to Macy's Inc.
The Lead, Threat Hunter should have experience with and understanding of multiple security platforms and layers, including network/host EDR, anti-virus/anti-malware, firewalls, proxy servers, intrusion prevention systems, log correlation/management, operating systems, protocols and incident response.

Job description

Essential Functions:

  • Responds to escalated security events or incidents and implements counter-measures to reduce and/or mitigate further exposure. The Threat Hunter performs triage on events which are reported by various detection devices to filter out things such as false positives and known accepted activities.
  • Leads and manages security investigations from discovery to resolution, works as the incident response leader for each security incident, and is accountable for the Threat Hunt findings developed.
  • Creates reports to display trends and overall statistics based on correlated security incidents and event data to produce monthly exception and management reports.
  • Responsible for mentoring, training and support of other Engineers.
  • Participates in Purple Team exercises and provides guidance and recommendations on risks and gaps.
  • Creates and implements standard operating procedures and processes to help streamline investigations, daily monitoring and analysis research to ensure all analysts are effective and following the same guidelines.
  • Consistently analyzes threat feeds for new threats and implements mitigations against new attacks.

  • Bachelor's degree and 4+ years of experience in Information Security preferred.
  • Understanding of incident response methodologies and ability to assist with coordinating security incidents.
  • Stay current on threat actors and Advanced Persistent Threats (APT) and help to implement mitigation and/or detection against techniques, tools, and procedures (TTP).
  • Proficient in Elastic (ELK) queries to monitor for, hunt for, and detect anomalies.
  • In-depth knowledge in Operating Systems (Windows, Linux, Mac) to understand event-ids, registry, filemods, processes and network connections.
  • Ability to identify common network and web site attacks such as SQL injection, cross site scripting, remote file inclusion and cookie manipulation.
  • Experience with Threat Intel feeds and analyzing IOCs
  • Ability to perform IDS / IPS real-time monitoring analysis and/or network forensics.
  • Ability to create correlation rules (ELK Signals) to detect threats.
  • Ability to understand, analyze and correlate security events and implement counter-measures to mitigate against attacks.
  • Experience performing Purple Teaming Exercises
  • In-depth knowledge of Windows-based attacks via PowerShell, file injection/manipulation, etc.
  • Strong knowledge of TCP/IP, HTTP, FTP, cookies, authentication, virus scanning, web servers, SSL/encryption and reporting packages.
  • An understanding of a wide array of server grade applications to include Microsoft Office 365, DNS, SMTP, IIS, Apache, SharePoint, Active Directory, Identity Management, Patch Management, LDAP, SQL, and others.
  • Experience with host-based FIM (File Integrity Monitoring) solutions and a working knowledge of VPN remote access technologies.
  • Working knowledge of Two-Factor Authentication solutions.
  • Ability to decode and understand traffic flow in packet-level traces (skilled with TCPDUMP, PCAPs, traffic generators, etc.).
Communication Skills:

  • Excellent written and verbal communication skills.
  • Strong ability to verbally socialize findings and observations to a less technical audience.
  • Ability to create detailed and/or focused documentation, reports or standard procedures.
  • Instructs users on advanced features/functions of business and multiple applications software.
  • Writes clear problem descriptions and instructions to aid other individuals or groups in problem duplication and resolution.
Mathematical Skills:

  • Basic math functions such as addition, subtraction, multiplication, division, and analytical skills.
Reasoning Ability:

  • Must be able to work independently with minimal supervision and make sound decisions.
  • Have an understanding and working knowledge of regulatory and audit mandates to ensure environments meet PCI, FFIEC, SOX and corporate standards.
  • Understanding of web applications authentication, session management, requests, form submission processes.
Physical Demands:

  • This position involves regular walking, standing, sitting for extended periods of time, hearing, and talking.
  • May occasionally involve stooping, kneeling, or crouching.
  • May involve close vision, color vision, depth perception, focus adjustment, and viewing computer monitor for extended periods of time.
  • Involves manual dexterity for using keyboard, mouse, and other office equipment.
  • May involve moving or lifting items under 10 pounds.