Engineer II (Secure Delivery & Vulnerability Management)

Welcome to Ross Stores, Inc., where our differences make us stronger… At Ross and dd’s, inclusion is a way of life. We care about our Associates and the communities we serve and we value their differences. We are committed to building diverse teams and an inclusive culture. We respect and celebrate the diversity of backgrounds, identities, and ideas of those who work and shop with us. Come join us as we continue our diversity, equality and inclusion journey!

GENERAL PURPOSE:
The Security Engineer provides technical advice on a wide variety of information security issues, concerns, and problems. This position is also responsible for making sure that all business applications developed in-house or developed by outsiders on behalf of the company include adequate control measures. By working on committees and task forces throughout the company, the Security Engineer diligently assists with improving the security of information systems.

ESSENTIAL FUNCTIONS:

• Provides users and management with technical support on matters related to information security such as the criteria to use when selecting information security products

• Reviews the effectiveness and practicality of existing information security procedures and systems, and makes recommendations for the improvement of these same procedures and systems

• Interprets information security policies, standards, and other requirements in light of specific information systems, and assists with the implementation of these and other information security requirements

• Participates in, and acts as a technical leader in, periodic information systems risk assessments including those associated with the development of new or significantly enhanced business applications.

• Ensures that business strategy, IT enterprise security and implementation are aligned. Provides input to technical designs in enterprise security solutions, specifically around tools and systems that would best support the design.

• Develops action plans, schedules, budgets, status and metrics reports as well as other management communications intended to improve the secure SDLC program at Ross.

• Stays informed about the latest developments in the information security field, including new products and services, through on-line news services, technical magazines, professional association memberships, industry conferences, special training seminars, and other methods.

• Monitors current and proposed laws, regulations, industry standards, and ethical requirements related to information security and privacy, so that the company is warned in advance and is ready to be fully compliant with these requirements.

COMPETENCIES:

• Technical Competence and Expertise

• Customer Focus

• Problem Solving

• Approachability

• Communication

• Time Management

• Drive for Results

QUALIFICATIONS AND SPECIAL SKILLS REQUIRED:

• At least 7 years' experience supporting IT systems, processes or capabilities

• At least 7 years of experience in Information Technology Security, at least 5 years with a large enterprise

• Bachelor's degree

• An understanding of industry best practices for Information security; specific demonstrated experience mapping business processes and comparing those processes to industry best practices

• The ability to work closely with Business and development and a thorough understanding of the balance between Business and Security requirements

• Knowledge of network, system and application security

• Knowledge of OWASP framework and application security best practices

• Excellent analytical, organizational and communication skills

• Customer Focused

• Team-oriented, yet able to work independently; self-motivated

• Strong attention to detail

• Able to articulate issues, build consensus around recommendations, and define next steps

• Ability to respond promptly and consistently to changing customer needs and circumstances

• A high sense of responsibility - to our customers, our business partners, our colleagues, and to the quality and timeliness of one's own work; a willingness to "do what it takes" to support our company's systems - sometimes during non-standard work hours

PREFERRED QUALIFICATIONS:

• Experience with Microsoft Office Suite, Microsoft Project and Visio

• Graduate degree

• Certified Information Systems Security Professional (CISSP), or other Information Security related certification

PHYSICAL REQUIREMENTS/ADA:
Job requires ability to work in an office environment, primarily on a computer.
Requires sitting, standing, walking, hearing, talking on the telephone, attending in-person meetings, typing, and working with paper/files, etc.
Consistent timeliness and regular attendance.
Vision requirements: Ability to see information in print and/or electronically.
This role requires regular in-office presence, including to engage in in-person team interaction, meetings and collaboration, client support, mentoring, coaching, and/or feedback. However, this role can perform duties effectively using a combination of in-office and remote work.

SUPERVISORY RESPONSIBILITIES:
None

DISCLAIMER:
This job description is a summary of the primary duties and responsibilities of the job and position. It is not intended to be a comprehensive or all-inclusive listing of duties and responsibilities. Contents are subject to change at management's discretion.

Ross is an equal employment opportunity employer. We consider individuals for employment or promotion according to their skills, abilities and experience. We believe that it is an essential part of the Company's overall commitment to attract, hire and develop a strong, talented and diverse workforce. Ross is committed to complying with all applicable laws prohibiting discrimination based on race, color, religious creed, age, national origin, ancestry, physical, mental or developmental disability, sex (which includes pregnancy, childbirth, breastfeeding and medical conditions related to pregnancy, childbirth or breastfeeding), veteran status, military status, marital or registered domestic partnership status, medical condition (including cancer or genetic characteristics), genetic information, gender, gender identity, gender expression, sexual orientation, as well as any other category protected by federal, state or local laws.