Sr. Security Engineer (Hybrid in Irvington, NY)
Indexed description
We are seeking a Senior IT Security Engineer to serve as the primary owner of information security across EILEEN FISHER’s entire technology landscape. This is a hands-on leadership role responsible for managing all aspects of IT security—from PCI-DSS compliance and IT governance to WAF management, e-commerce protection, and safeguarding the systems and devices used by employees across retail, corporate, and remote environments. The ideal candidate is a seasoned security professional who can operate independently, build and mature a security program, and serve as the go-to expert for all security matters within the organization.
Summary of Duties and Responsibilities:
PCI-DSS & Compliance Ownership
- Own end-to-end PCI-DSS compliance across all retail point-of-sale, e-commerce, and payment processing environments
- Lead annual PCI assessments, QSA engagements, and remediation tracking to ensure continuous compliance
- Maintain and enforce the cardholder data environment (CDE) scope, segmentation, and documentation
- Coordinate PCI evidence collection, SAQ/ROC preparation, and audit readiness across all relevant systems
- Develop, implement, and continuously improve IT security policies, standards, and procedures aligned with business strategy and frameworks (NIST CSF, CIS Controls, ISO 27001)
- Lead the annual enterprise risk assessment process, tracking findings and driving remediation to closure
- Establish and report on security KPIs and metrics to IT leadership and the executive team
- Own the security technology roadmap and prioritize investments in tools, controls, and capabilities
- Serve as the primary owner of the organization’s WAF provider relationship—managing configuration, tuning, rule sets, and escalations to protect e-commerce and customer-facing platforms
- Monitor and respond to WAF alerts, DDoS events, bot activity, and web application threats
- Secure payment gateways, APIs, and customer data flows in alignment with PCI-DSS and OWASP best practices
- Partner with the e-commerce and development teams to embed security into the SDLC and deployment workflows
- Oversee endpoint protection across all employee devices, including corporate laptops, retail POS terminals, and mobile devices
- Manage email security, IAM, SSO/MFA (Okta, Azure AD), and privileged access controls
- Design and deliver security awareness training to protect employees from phishing, social engineering, and insider threats
- Enforce policies for secure remote work, BYOD, and store-level IT environments
- Direct day-to-day security operations including network monitoring, SIEM management, IDS/IPS, vulnerability scanning, and patch management
- Supervise incident response activities from detection through post-incident review and lessons learned
- Manage certificate lifecycle, sensitive data handling, and encryption standards (TLS/SSL, PKI, key management)
- Conduct and coordinate penetration testing and vulnerability management programs, tracking remediation to resolution
- Own security controls across cloud environments (AWS, Azure) including IAM, security groups, logging, and compliance tooling
- Collaborate with IT infrastructure teams to harden systems, enforce least-privilege, and maintain secure baselines
- Ensure secure configurations for SaaS applications, APIs, and third-party integrations
Education: Bachelors degree in Computer Science or equivalent experience.
- 7+ years of progressive IT security experience, with at least 3 years in a senior or lead security role
- Demonstrated end-to-end ownership of PCI-DSS compliance—including QSA engagement, CDE scoping, SAQ/ROC preparation, and continuous compliance across retail POS and e-commerce channels
- Hands-on experience managing WAF platforms (e.g., Cloudflare, Imperva, Akamai, AWS WAF) including rule tuning, alert response, and vendor relationship management
- Experience securing e-commerce environments: payment gateways, APIs, and customer data in alignment with PCI-DSS and OWASP Top 10
- Proven experience building and managing IT governance programs—policies, risk assessments, KPIs, and security roadmaps
- Ability to manage security across a distributed workforce including retail stores, corporate offices, and remote employees
- Experience with cloud security across AWS and/or Azure (IAM, security groups, logging, Microsoft Defender, Azure Defender)
- Strong knowledge of identity and access management (IAM), SSO/MFA (Okta, Azure AD/Entra ID), and privileged access controls
- Experience with SIEM platforms, IDS/IPS, endpoint detection & response (EDR), and vulnerability management tools
- Strong understanding of encryption, TLS/SSL, PKI, and key management
- Scripting/automation skills in Python, Bash, or PowerShell
- Excellent communication skills with the ability to present security risk to executive and non-technical audiences
- Industry certifications preferred: CISSP, CISM, PCI-ISA/QSA, or equivalent
EILEEN FISHER, Inc. is an equal-opportunity employer and is committed to providing a workplace free from harassment and discrimination. We are committed to recruiting, hiring, training and promoting qualified people of all backgrounds, and make all employment decisions without regard to any protected status.
Create a free Caio profile to unlock more results and save your role and location preferences.
Unlock free search