Skip Navigation
Loading...

Sr. Security Engineer (Hybrid in Irvington, NY)



Corporate

Irvington, NY
 • 
ID: 305111-616
 • 
Full-Time/Regular

**This is a hybrid role with 1-2 days/week in the office in Irvington, NY.  We are seeking candidates who will not require sponsorship now or in the future**

We are seeking a Senior IT Security Engineer to serve as the primary owner of information security across EILEEN FISHER’s entire technology landscape. This is a hands-on leadership role responsible for managing all aspects of IT security—from PCI-DSS compliance and IT governance to WAF management, e-commerce protection, and safeguarding the systems and devices used by employees across retail, corporate, and remote environments. The ideal candidate is a seasoned security professional who can operate independently, build and mature a security program, and serve as the go-to expert for all security matters within the organization.

Summary of Duties and Responsibilities:

PCI-DSS & Compliance Ownership

     Own end-to-end PCI-DSS compliance across all retail point-of-sale, e-commerce, and payment processing environments

     Lead annual PCI assessments, QSA engagements, and remediation tracking to ensure continuous compliance

     Maintain and enforce the cardholder data environment (CDE) scope, segmentation, and documentation

     Coordinate PCI evidence collection, SAQ/ROC preparation, and audit readiness across all relevant systems

 

IT Governance & Security Program Management

     Develop, implement, and continuously improve IT security policies, standards, and procedures aligned with business strategy and frameworks (NIST CSF, CIS Controls, ISO 27001)

     Lead the annual enterprise risk assessment process, tracking findings and driving remediation to closure

     Establish and report on security KPIs and metrics to IT leadership and the executive team

     Own the security technology roadmap and prioritize investments in tools, controls, and capabilities

 

WAF & E-Commerce Security

     Serve as the primary owner of the organization’s WAF provider relationship—managing configuration, tuning, rule sets, and escalations to protect e-commerce and customer-facing platforms

     Monitor and respond to WAF alerts, DDoS events, bot activity, and web application threats

     Secure payment gateways, APIs, and customer data flows in alignment with PCI-DSS and OWASP best practices

     Partner with the e-commerce and development teams to embed security into the SDLC and deployment workflows

 

Employee & Endpoint Security

     Oversee endpoint protection across all employee devices, including corporate laptops, retail POS terminals, and mobile devices

     Manage email security, IAM, SSO/MFA (Okta, Azure AD), and privileged access controls

     Design and deliver security awareness training to protect employees from phishing, social engineering, and insider threats

     Enforce policies for secure remote work, BYOD, and store-level IT environments

 

Security Operations

     Direct day-to-day security operations including network monitoring, SIEM management, IDS/IPS, vulnerability scanning, and patch management

     Supervise incident response activities from detection through post-incident review and lessons learned

     Manage certificate lifecycle, sensitive data handling, and encryption standards (TLS/SSL, PKI, key management)

     Conduct and coordinate penetration testing and vulnerability management programs, tracking remediation to resolution

 

Cloud & Infrastructure Security

     Own security controls across cloud environments (AWS, Azure) including IAM, security groups, logging, and compliance tooling

     Collaborate with IT infrastructure teams to harden systems, enforce least-privilege, and maintain secure baselines

     Ensure secure configurations for SaaS applications, APIs, and third-party integrations

PERFORMS OTHER RELATED DUTIES AND ASSIGNMENTS AS REQUIRED.


Required Experience

Education:  Bachelors degree in Computer Science or equivalent experience.
 

•     7+ years of progressive IT security experience, with at least 3 years in a senior or lead security role

•     Demonstrated end-to-end ownership of PCI-DSS compliance—including QSA engagement, CDE scoping, SAQ/ROC preparation, and continuous compliance across retail POS and e-commerce channels

•     Hands-on experience managing WAF platforms (e.g., Cloudflare, Imperva, Akamai, AWS WAF) including rule tuning, alert response, and vendor relationship management

•     Experience securing e-commerce environments: payment gateways, APIs, and customer data in alignment with PCI-DSS and OWASP Top 10

•     Proven experience building and managing IT governance programs—policies, risk assessments, KPIs, and security roadmaps

•     Ability to manage security across a distributed workforce including retail stores, corporate offices, and remote employees

•     Experience with cloud security across AWS and/or Azure (IAM, security groups, logging, Microsoft Defender, Azure Defender)

•     Strong knowledge of identity and access management (IAM), SSO/MFA (Okta, Azure AD/Entra ID), and privileged access controls

•     Experience with SIEM platforms, IDS/IPS, endpoint detection & response (EDR), and vulnerability management tools

•     Strong understanding of encryption, TLS/SSL, PKI, and key management

•     Scripting/automation skills in Python, Bash, or PowerShell

•     Excellent communication skills with the ability to present security risk to executive and non-technical audiences

•     Industry certifications preferred: CISSP, CISM, PCI-ISA/QSA, or equivalent

The salary range for this position is $120,000 - 135,000/year depending on relevant experience. We offer a competitive total package, including health benefits, generous paid time off, wellness reimbursement, etc.
 
EILEEN FISHER, Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status.

 


close