Staff, Software Engineer, Information Security - Managed File Transfer Security Transformation
Walmart
Software Engineering, IT
Posted on Feb 25, 2026
Position Summary...
We are seeking a highly experienced and forward-thinking Staff, Systems and Infrastructure Engineer to lead the security transformation of our enterprise Managed File Transfer (MFT) platform. This role will serve as a technical authority in secure file transfer architecture, SSH authentication modernization, and enterprise data protection strategies.As a key member of the team, you will lead the evolution of our MFT ecosystem — including the strategic transition from SSH key-based authentication to SSH certificate-based authentication — while strengthening data security, cryptographic hygiene, and operational resilience across the enterprise.
This is a transformational role focused on modernization, automation, and security-first design.
What you'll do...
MFT Architecture & Modernization
- Serve as the subject matter expert (SME) for Managed File Transfer platforms (e.g., SFTP, FTPS, HTTPS-based transfers, enterprise MFT solutions).
- Define and drive the strategic roadmap for modernizing MFT authentication and authorization models.
- Lead the transition from static SSH key-based authentication to SSH certificate-based authentication at enterprise scale.
- Establish architectural standards and patterns for secure file movement across internal, cloud, and third-party environments.
- Provide technical leadership for high-availability, scalable, and secure MFT infrastructure.
SSH & Authentication Strategy
- Design and implement SSH certificate authority (CA) architecture and lifecycle management processes.
- Develop automation frameworks for SSH key and certificate provisioning, rotation, revocation, and auditing.
- Reduce risk associated with unmanaged or orphaned SSH keys through governance, discovery, and remediation programs.
- Integrate SSH certificate-based authentication into CI/CD pipelines and automated workloads.
- Collaborate with Identity & Access Management (IAM) teams to align MFT authentication with enterprise identity strategies.
Data Security & Cryptography
- Ensure secure configuration and hardening of secure transport protocols (SSH, TLS, etc.).
- Provide guidance on cryptographic standards, cipher selection, and protocol configurations.
- Assess and mitigate risks related to data-in-transit, key management, and machine-to-machine authentication.
- Partner with security architecture teams to align MFT solutions with enterprise security controls and regulatory requirements.
- Stay current on emerging security threats and evolving best practices in secure file transfer and cryptographic authentication.
Governance, Risk & Operational Excellence
- Define security guardrails, policies, and best practices for onboarding partners and internal application teams to MFT platforms.
- Lead security reviews, threat modeling exercises, and risk assessments for file transfer workflows.
- Improve observability, logging, and monitoring for anomalous file transfer and authentication activity.
- Develop metrics and reporting to measure authentication hygiene and modernization progress.
- Mentor engineers and elevate the overall security maturity of the MFT organization.
- Deep expertise in Managed File Transfer technologies and secure file transfer protocols (SFTP, FTPS, SCP, HTTPS, etc.).
- Advanced knowledge of SSH authentication mechanisms, including:
- SSH key generation and management
- Key rotation strategies
- Key governance challenges
- SSH certificate-based authentication design and implementation
- Strong understanding of Public Key Infrastructure (PKI), certificate authorities, and certificate lifecycle management.
- Experience designing secure machine-to-machine authentication models at scale.
- Strong knowledge of encryption, data-in-transit protection, and secure protocol configuration.
- Experience automating infrastructure and security controls using scripting or infrastructure-as-code tools.
- Ability to design scalable, resilient, and highly available infrastructure solutions.
- Strong analytical and problem-solving skills.
- Excellent communication skills with the ability to influence both technical and non-technical stakeholders.
- Proven ability to lead cross-functional initiatives in complex enterprise environments.
Preferred Qualifications
- Experience implementing SSH certificate authorities in large enterprise environments.
- Familiarity with cloud-based MFT architectures and hybrid environments.
- Experience with secrets management and key vault technologies.
- Knowledge of regulatory and compliance frameworks impacting data transfer (PCI, SOX, HIPAA, etc.).
- Relevant certifications (CISSP, CISM, GIAC, etc.) are a plus.
What You’ll Drive
- Elimination of unmanaged SSH keys.
- Enterprise adoption of certificate-based authentication for file transfers.
- Improved cryptographic posture for machine-to-machine data exchange.
- Standardized, automated, and secure onboarding for internal and external partners.
- A measurable uplift in the security maturity of our MFT ecosystem.
Eligibility requirements apply to some benefits and may depend on your job classification and length of employment. Benefits are subject to change and may be subject to a specific plan or program terms.
For information about benefits and eligibility, see One.Walmart.
Bentonville, Arkansas US-09050: The annual salary range for this position is $110,000.00 - $220,000.00
Herndon, Virginia US-10710: The annual salary range for this position is $132,000.00 - $264,000.00 Additional compensation includes annual or quarterly performance bonuses. Additional compensation for certain positions may also include :
- Stock
ㅤ
ㅤ
ㅤ
ㅤ
Minimum Qualifications...
Outlined below are the required minimum qualifications for this position. If none are listed, there are no minimum qualifications.
Option 1: Bachelor's degree in computer science, information technology, engineering, information systems, cybersecurity, or related area and 4years’ experience in software engineering or related area at a technology, retail, or data-driven company.Option 2: 6 years’ experience in software engineering or related area at a technology, retail, or data-driven company.
Preferred Qualifications...
Outlined below are the optional preferred qualifications for this position. If none are listed, there are no preferred qualifications.
Certification in Security+, GISF, CISSP, CCSP, or GSEC, Master’s degree in computer science, information technology, engineering, information systems, cybersecurity or related area and 2 years’ experience leading information security or cybersecurity projects, We value candidates with a background in creating inclusive digital experiences, demonstrating knowledge in implementing Web Content Accessibility Guidelines (WCAG) 2.2 AA standards, assistive technologies, and integrating digital accessibility seamlessly. The ideal candidate would have knowledge of accessibility best practices and join us as we continue to create accessible products and services following Walmart’s accessibility standards and guidelines for supporting an inclusive culture.
