Sr. InfoSec Engineer (CloudSec focus)

Job Summary:The Cybersecurity Engineer position is a hands-on role that involves evaluating and enforcing cybersecurity and compliance controls. This position plays an integral role in protecting iHerb from internal and external threats and works closely with our technology teams to define and implement the security best practices, perform architecture and design reviews, threat modeling, conduct security assessments, and support the identification, interpretation, and remediation of threats and vulnerabilities across iHerb’s tech stack.Job Expectations:Design and develop cloud security solutions in AWS and other technologies to drive automation to secure critical and sensitive data, services, applications, and infrastructure across our fast-growing organization.Design, develop, coordinate, and document the secure operation of information systems and develop best practices for securing enterprise-wide data and information systems.Develop and deploy automated security solutions by leveraging security toolchains in the cloud environments to detect, prevent, and remediate security issues.Collaborate and develop “Security as code” that enables the technology and security engineering team to operate at high speed and widescale.Develop procedures to automate security tasks that seamlessly integrate into code builds and deployments.Participate in architecture and design reviews with development/DevOps staff to incorporate effective security standards into design.Evaluate and respond to global information technology security threats in relation to cloud technologies, systems, and recommend security changes in response to emergent threats.Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: Pipeline security, DevSecOps, CloudFormation templates, Terraform, Docker, Kubernetes, SIEM, IPS, and Vulnerability Scanners.Knowledge, Skills, and Abilities:Required:Bachelor’s degree in related field of study or equivalent work-related experience.4+ years of experience in system, network, cloud security, and risk management.Hands-on experience with Python and Infrastructure as Code for cloud environments.Good experience with a wide range of AWS tools, AWS native Security Services, and practical experience with AWS cloud.Experience implementing security practices in CI/CD environment – Ansible, Harness, Jenkins, etc.Excellent at multitasking, and open to constant learning.Excellent problem-solving and analytical skills; outstanding oral and written communication skills.

#J-18808-Ljbffr