Senior Cloud Security Engineer
Job Description
Job Title: Senior Security Engineer I
Reports to: Manager, Security Engineering
Job Location: San Diego, CA, USA
Job Status: Exempt, FT
About SHEIN
SHEIN is a global fashion and lifestyle e-retailer committed to making the beauty of fashion accessible to all. We use on-demand manufacturing technology to connect suppliers to our agile supply chain, reducing inventory waste and enabling us to deliver a variety of affordable products to customers around the world. From our global offices, we reach customers in more than 150 countries.
Founded in 2012, SHEIN has nearly 10,000 employees operating from offices around the world, with U.S. Headquarters located in Los Angeles and Global Headquarters located in Singapore. At SHEIN, we work with outstanding, creative, and capable peers. We share an energetic and open culture for capable people to discern, work and ignite as a team.
Position Summary
SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN's global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.
We are looking for a Senior Cloud Security Engineer (Official Title: Senior Security Engineer I) for our San Diego, CA-based office hub, who will focus on the company's cloud security, including but not limited to network security (WAF, Suricata/Zeek, CDN) and endpoint security, for SHEIN Technology, a global company. You will inventory the company's assets into functional and scalable groups, evaluate industry standards, and architect recommended changes/solutions to protect the assets, meeting standards and new requirements.
You will design, implement, and execute asset, policy, playbook, and protocol development for security engineering. Work closely with the global security engineering and operations (SOC) teams on data ingestion, incident response, and vulnerability management. You will ensure that all production security controls and technologies are evaluated, enabled, monitored, and built to meet or exceed industry guidelines. You will contribute to baseline established policies and SLAs across all aspects of the security operating framework and make recommendations for continuous improvement, keeping the business secure and customer experience in mind.
Job Responsibilities
- Must have experience with EDR and XDR Technologies
- Must have experience with WAF, Suricata/Zeek, CDN and/or associated technologies
- Must have knowledge and experience with CrowdStrike SaaS, Palo Alto, and Uptycs platforms.
- Demonstrated knowledge and experience with open-source software
- Work directly with the business to holistically account for all assets by organizational or functional group
- Evaluate the current endpoint protection capabilities of the laptops/servers/hand-helds/tablets/cameras/badge systems and other wired/wireless connecting devices
- Evaluate the currently configured capabilities for tuning of said devices, strengthening the security posture
- Test/Recommend/LAB and keep current the company's software and patching
- Engineer, analyze and develop Mac/Windows/server security agent standards and protocols
- Have the ability to validate pre/prod changes prior to production implementation in order to maintain stability and great user experience
- Understanding and implementation of drive encryption, browser protection, user management, apps and SW revisions
- Ensure compliance with risk management guidelines and objectives.
- Troubleshoot and operationalize Operating Systems, Endpoint Security Agents, Encryption Technologies, Threat Intelligence Feeds, DLP, NAC, VPN, FW, SIEM and others
- Troubleshoot, triage and maintain client-based tooling inclusive but not limited to client FW, IPS/IDS, URL Filtering, image, patching strategy, interoperability, subscription, life-cycle and more.
- Understand and be able to troubleshoot end-to-end user connectivity to internet, cloud-based infrastructure systems and services
- Collaborate with the global security engineering, change management, global intelligence center, threat hunting, vulnerability management and incident response functions and participate in any day-to-day cross functional relationships to fulfill business needs
- Creating and updating new strategy, project plans and policy documents based on security and data protection requests that map to SHEIN's business requirements
- Work directly with global business units to facilitate change requests, incident response protocols, data analysis, solution requirements and technology roadmaps to ensure compliance with industry and regulatory standards
- Establish credibility throughout the organization by earning the reputation for being a proactive cloud security engineer
- Demonstrates continuous effort to improve system security while maintaining the best possible performance, streamline work processes and work cooperatively to provide quality customer experience
Job Requirements
- Minimum of 5 years of experience in endpoint security coupled with network security
- Possess a Bachelor's degree or higher in the field of engineering, computer science or equivalent advanced technology field of study
- Knowledge of privacy regulations and guidelines such as GDPR, CCPA, PCI, CPA etc.
- Knowledge of cybersecurity frameworks such as NIST, ISO/IEC 27001 & 27002, SOC 2, etc.
- Experience building and running from ground up segmented, secure & platform managed systems/applications, ultimately integrating into the security framework
- Must have experience partnering with external governance and compliance parties on meeting regulatory requirements and assessing emerging threats and mitigations.
- Strong working and practical knowledge of security monitoring, threat hunting, log management, SIEM and data analytics.
- Experience with change management lifecycle, development and regular preparation of management status and key metrics reports
- Should have strong process, procedure ownership experience, and documentation for audit and control systems
- Ability to translate cyber security threats from a technical perspective to business-line understanding and execution
- Ability to work with extremely technical staff working on very sensitive subject areas with extremely sensitive information
- High level of personal integrity, self-driven, with the ability to professionally handle confidential matters and exercises the appropriate level of judgment and maturity
- Must be able to support on-call, escalation, high-paced/fast tempo production in a global environment
- Relevant cyber security certifications, such as CISSP, CCSP, GIAC, GSEC, CISA are highly desired
- Experience in at least one coding language: C/C++, C#, Python, Perl, Ruby, Bash, Java, HTML, JavaScript, PHP, ASP, ASPX
- Troubleshoot open-source software and code review to ensure integrity and reliability
- Experience with infrastructure automation, server administration, TCP/IP networking, vulnerability identification and exploitation, vulnerability exploit code development, offensive security operation coordination and communication, vulnerability tracking and remediation, cross functional collaborations
- Experience working with security technology and products such as WAF, Firewalls, IDS, IPS, VPC, CSPM
- Having a good understanding of cloud vulnerabilities and how to address them
- Prior experience in e-commerce or technology industry preferred
- Must be a strong communicator with exceptional verbal and written communication skills to translate the vision and strategy into clear priorities and direction, both internally and externally
Pay
$118,500.00 min - $202,000.00 max annually, Bonus & RSU offered.
Benefits and Culture
Healthcare (medical, dental, vision, prescription drugs)
Health Savings Account with Employer Funding
Flexible Spending Accounts (Healthcare and Dependent care)
Company-Paid Basic Life/AD&D insurance
Company-Paid Short-Term and Long-Term Disability
Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident)
Employee Assistance Program
Business Travel Accident Insurance
401(k) savings plan with discretionary company match and access to a financial advisor
Vacation, Paid holidays and sick days
Employee Discounts
Perks (HQ Location)
Free weekly catered lunch at HQ
Dog-Friendly office
Free Gym Access at HQ
Free Swag Giveaways
Annual Holiday Party
Invitations to pop-ups and other company events
Complimentary daily office snacks and beverages
Free Shuttle Service from HQ to LA Union Station
SHEIN Distribution is an equal opportunity employer committed to a diverse workplace environment.
Date Posted
11/20/2023