Staff, Software Engineer, Information Security - Managed File Transfer Security Transformation
Walmart · Bentonville, AR · 3 wk ago
On-siteInformation Technology$110k–$220k/yrFull-time
Position Summary
We are seeking a highly experienced and forward-thinking Staff, Systems and Infrastructure Engineer to lead the security transformation of our enterprise Managed File Transfer (MFT) platform. This role will serve as a technical authority in secure file transfer architecture, SSH authentication modernization, and enterprise data protection strategies.
What you'll do...
- MFT Architecture & Modernization
- Serve as the subject matter expert (SME) for Managed File Transfer platforms (e.g., SFTP, FTPS, HTTPS-based transfers, enterprise MFT solutions).
- Define and drive the strategic roadmap for modernizing MFT authentication and authorization models.
- Lead the transition from static SSH key-based authentication to SSH certificate-based authentication at enterprise scale.
- Establish architectural standards and patterns for secure file movement across internal, cloud, and third-party environments.
- Provide technical leadership for high-availability, scalable, and secure MFT infrastructure.
- SSH & Authentication Strategy Design and Implementation
- Design and implement SSH certificate authority (CA) architecture and lifecycle management processes.
- Develop automation frameworks for SSH key and certificate provisioning, rotation, revocation, and auditing.
- Reduce risk associated with unmanaged or orphaned SSH keys through governance, discovery, and remediation programs.
- Integrate SSH certificate-based authentication into CI/CD pipelines and automated workloads.
- Collaborate with Identity & Access Management (IAM) teams to align MFT authentication with enterprise identity strategies.
- Data Security & Cryptography
- Ensure secure configuration and hardening of secure transport protocols (SSH, TLS, etc.).
- Provide guidance on cryptographic standards, cipher selection, and protocol configurations.
- Assess and mitigate risks related to data-in-transit, key management, and machine-to-machine authentication.
- Partner with security architecture teams to align MFT solutions with enterprise security controls and regulatory requirements.
- Governance, Risk & Operational Excellence
- Define security guardrails, policies, and best practices for onboarding partners and internal application teams to MFT platforms.
- Lead security reviews, threat modeling exercises, and risk assessments for file transfer workflows.
- Improve observability, logging, and monitoring for anomalous file transfer and authentication activity.
- Develop metrics and reporting to measure authentication hygiene and modernization progress.
- Mentor engineers and elevate the overall security maturity of the MFT organization.
Deep Expertise
- Advanced knowledge of SSH authentication mechanisms, including: SSH key generation and management, key rotation strategies, key governance challenges, SSH certificate-based authentication design and implementation.
- Strong understanding of Public Key Infrastructure (PKI), certificate authorities, and certificate lifecycle management.
- Experience designing secure machine-to-machine authentication models at scale.
- Strong knowledge of encryption, data-in-transit protection, and secure protocol configuration.
- Experience automating infrastructure and security controls using scripting or infrastructure-as-code tools.
- Ability to design scalable, resilient, and highly available infrastructure solutions.
- Strong analytical and problem-solving skills.
- Excellent communication skills with the ability to influence both technical and non-technical stakeholders.
- Prowledge in leading cross-functional initiatives in complex enterprise environments.
Preferred Qualifications
- Experience implementing SSH certificate authorities in large enterprise environments.
- Familiarity with cloud-based MFT architectures and hybrid environments.
- Experience with secrets management and key vault technologies.
- Knowledge of regulatory and compliance frameworks impacting data transfer (PCI, SOX, HIPAA, etc.).
- Relevant certifications (CISSP, CISM, GIAC, etc.) are a plus.
What You’ll Drive
- Elimination of unmanaged SSH keys.
- Enterprise adoption of certificate-based authentication for file transfers.
- Improved cryptographic posture for machine-to-machine data exchange.
- Standardized, automated, and secure onboarding for internal and external partners.
- A measurable uplift in the security maturity of our MFT ecosystem.
Company Benefits
- Competitive pay as well as performance-based bonus awards and other great benefits for a happier mind, body, and wallet.
- Health benefits include medical, vision and dental coverage.
- Financial benefits include 401(k), stock purchase and company-paid life insurance.
- Paid time off benefits include PTO (including sick leave), parental leave, family care leave, bereavement, jury duty, and voting.
- Other benefits include short-term and long-term disability, company discounts, Military Leave Pay, adoption and surrogacy expense reimbursement, and more.
Minimum Qualifications
- Option 1: Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 4 years’ experience in software engineering or related area at a technology, retail, or data-driven company.
- Option 2: 6 years’ experience in software engineering or related area at a technology, retail, or data-driven company.
Preferred Qualifications
- Certification in Security+, GISF, CISSP, CCSP, or GSEC, Master’s degree in computer science, information technology, engineering, information systems, cybersecurity or related area and 2 years’ experience leading information security or cybersecurity projects.
- We value candidates with a background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly.