Senior Cloud Security Engineer

Summary

Join iHerb as a Cybersecurity Engineer and play a crucial role in protecting our systems from internal and external threats. This hands-on position involves designing and developing cloud security solutions, implementing security practices in CI/CD environments, and collaborating with technology teams. You will evaluate and respond to global IT security threats, conduct security assessments, and support remediation efforts. The ideal candidate possesses a Bachelor's degree or equivalent experience, along with 4+ years of relevant experience in system, network, and cloud security. iHerb offers a competitive salary and benefits package, including health insurance, retirement plan, paid time off, and potential bonuses.

Requirements

• Bachelor’s degree in related field of study or equivalent work-related experience
• 4+ years of experience in system, network, cloud security, and risk management
• Hand-on experience with Python and Infrastructure as Code for cloud environments
• Good experience with a wide range of AWS tools, AWS native Security Services, and practical experience with AWS cloud
• Experience implementing security practices in CI/CD environment – Ansible, Harness, Jenkins, etc
• Excellent at multitasking, and open to constant learning
• Excellent problem solving and analytical skills; outstanding oral and written communication skills

Responsibilities

• Design, and develop, cloud security solutions in AWS and other technologies to drive automation to secure critical and sensitive data, services, applications, and infrastructure across our fast-growing organization
• Design, develop, coordinate, and document the secure operation of information systems and develop best practices for securing enterprise-wide data and information systems
• Develop and deploy automated security solutions by leveraging security toolchains in the cloud environments to detect, prevent and remediate security issues
• Collaborate and develop “Security as code” that enables the technology and security engineering team to operate at high speed and widescale
• Develop procedures to automate security tasks that seamlessly integrate into code builds and deployments
• Participate in architecture and design reviews with development/DevOps staff to incorporate effective security standards into design
• Evaluate and respond to global information technology security threats in relation to cloud technologies, systems and recommend security changes in response to emergent threats
• Must be able to perform hands-on support for a wide range of security technologies including, but not limited to: Pipeline security, DevSecOps, CloudFormation templates, Terraform, Docker, Kubernetes, SIEM, IPS, and Vulnerability Scanners

Benefits

• Medical, dental, vision, and basic life insurance programs
• Company’s 401(k) plan
• Time Off and Paid Sick Leave
• Paid holidays
• Restrict Stock Units
• Annual bonuses