Senior Security Engineer - Information (REMOTE)

Job Summary: 

The Senior InfoSec Engineer is responsible for implementation and administration of information security policies, practices, procedures, and technologies to ensure securely architected systems, applications, databases, cloud services, networks, and data in a hybrid cloud ecommerce environment.

The Senior InfoSec Engineer designs, implements, and oversees activities related to deploying, monitoring, improving, and managing iHerb’s security stack and security strategy across the enterprise.  With regular reporting and feedback from management, manages and leads the implementation of information security processes, tools, and services.

This position is an advanced hands-on practitioner and representative of the cybersecurity defense team. The role is technical, and candidates must possess a solid understanding of multiple information security domains.  The candidate must understand applications, operating systems, networking, cloud infrastructure, attacker tactics, techniques, and procedures (TTPs).  The candidate is expected to maintain a high level of rigor to stay up to date with advancements in technology, while also retaining knowledge of older systems and applications in use.

This role will be responsible for overseeing, monitoring, analyzing, improving, and troubleshooting security systems, Red/Purple Team (offensive security) and Blue Team (defensive security) exercises, evaluation of security controls/services/solutions, as well as provide recommendations for enhancement and improvement.

We seek out Information Security Engineers with a broad range of skills who can pivot to other technologies, and who can passionately learn other skills and technologies.  At iHerb, you will have the ability to ‘choose your own adventure’ a percentage of the time in other areas of Cyber Security, including and not limited to:  Incident Response, Incident Handling, SOC and Intrusion Analysis, Automation, Cyber Threat Intelligence, Cyber Defense, Offensive Security, etc.

Job Expectations: 

Knowledge, Skills and Abilities:

• Strong knowledge of multiple security tools for both Cloud and On-Prem scenarios.

• Good knowledge of AWS (Amazon Web Services), GCP (Google Cloud Platform), Azure, or other cloud platforms and related technologies is strongly desired. 

• Strong knowledge of SIEM, such as Splunk, and related tooling and automation.

• Experience with Content Delivery Networks (CDN), Web Application Firewall (WAF), Bot Management and Distributed Denial of Service (DDOS) tooling strongly desired.

• Provide support for strategic business process/reengineering consulting as appropriate and work on multiple technically complex high-profile projects. 

• Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance. 

• Demonstrable experience with integration in Splunk or other SIEMs for various security tools. 

• General understanding of security fundamentals (cryptography, least privilege, segregation of duties, …) and general security technologies, including operating systems, network security (firewalls, VPNs, EDR, Web Content Filtering, etc.), security incident and event management, business continuity, physical security, identity management, directory services, etc. 

• Knowledge of Active Directory, DDNS, Group Policy (GPO), Microsoft Windows Server and Desktop operating systems, Linux, MacOS.

• Maintain knowledge of new and emerging tools, tactics and techniques that may post threats and risks to the organization. Advise and implement threat mitigations.

• Research, recommend, and implement changes to enhance systems security and develop appropriate security controls to address vulnerabilities found during assessments.

• Strong work ethic, including consistent documentation and tracking of activities.

• Possess an understanding of PCI Compliance and EU GDPR Requirements. Participate in audit response management and provide ongoing guidance on solutions to achieve and maintain security compliance.

• Ability to work in fast paced, rapidly changing environment and a strong desire to learn.

• You are a self-starter and require only minimal guidance to produce results.

• This position may require on-call activities at off-hours.

• High degree of accuracy and attention to detail.

• Excellent organization skills and ability to multi-task.

Equipment Knowledge: 

• Experience with cloud, systems, email, and network security.

• Experience with containers (Docker, Kubernetes, …) strongly desired.

• Experience with various tooling in the Information Security space.

• Experience working with and setting up alerts and queries in Splunk or other SIEM tools.

• Experience with OpenText Encase Forensics, or similar forensics tooling.

• Knowledge of IT/Information Security Audit and assessment. 

• Knowledge of PCI DSS and EU GDPR.

• Knowledge researching, analyzing, and recommending information security solutions.

• A working knowledge of information security practices and concepts including intrusion detection/ prevention, EDR, NetFlow analysis, access controls, risk analysis, vulnerability scanning, application whitelisting and data encryption.

• Experience with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.).

• Experience with Google Business Suite (e.g., Gmail, Drive, Docs, Sheets, Forms. etc.) preferred.

Experience Requirements:

• 5+ years of experience in information systems as a security engineer, cloud administrator or network administrator with at least one of those with direct incident response / incident management duties.

Education Requirements: 

• Bachelor’s Degree in Information Technology, Information Security, Computer Science, or related field preferred.

• Advanced industry certification is strongly desired, i.e., SANS GIAC certifications or equivalent, CompTIA, CISSP, CISM, or others.

Judgment/Reasoning Ability:  Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise, and diplomacy.  Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.

Physical Demands:  The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job.  While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms.  Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the workday.  The Team Member may occasionally lift or move office products and supplies up to 25 pounds.  Proper lifting techniques required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Work Environment:  The noise in the work environment is usually moderate.  Other factors are:

• Hectic, fast-paced with multi-level distractions

• Professional, yet casual work environment

• Office / Warehouse environment

• Ability to work extended hours as required 

#LI-JC1