Job Summary: 

The Information Security Engineer II – Splunk, will be responsible for the implementation and administration of Splunk information security policies, practices, procedures, and technologies in order to ensure Splunk, and other systems, are securely architected and optimized including servers, agents, applications, and databases in a hybrid cloud ecommerce environment.


This role, in conjunction with the iHerb LLC security team will be responsible for security operations such as the installation, configuration, administration, development, and maintenance of Splunk technologies, and other security tools.  These activities include, and are not limited to log parsing, dashboards, alerts, reports, custom queries, building apps for specific use cases (nice to have), security role administration, automation, and Cyber Threat Intelligence.


Job Expectations: 

  • Assist with architecture, design, support, and maintenance of Splunk infrastructure

  • Design, build, and maintain dashboards, alerts, reports, custom queries, and optionally build apps for specific use cases (nice to have)

  • Manage and standardize Splunk agent and server deployment, configuration and maintenance

  • Troubleshoot and solve Splunk agent and server integration and configuration issues

  • Monitor Splunk agent and server infrastructure for capacity planning and optimization

  • Support Splunk on Unix, Linux, MacOS and Windows-based platforms

  • Perform analysis and data mining, utilizing various queries and reporting methods

  • Perform technical writing of documentation: architecture diagrams, technical designs, SOPs, etc.

  • Drive standardization, automation and documentation of Splunk infrastructure, systems, and tools

  • Maintain knowledge of new and emerging threats and risks to the organization: tactics, techniques and procedures of advanced attackers

  • Participate in compliance efforts (such as PCI-DSS) by documenting, implementing and maintaining controls, gathering and examining evidence for compliance to standards

  • Ability to choose your own adventure, a percentage of the time in other areas of Cyber Security, including and not limited to:  Incident Response, Incident Handling, Analysis, Automation, Cyber Threat Intelligence, Cyber Defense, Offensive Security


The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job.  Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.


Knowledge, Skills and Abilities:

  • Intermediate to Advanced knowledge with Splunk Enterprise Security notable workflow, Asset and Risk workflow, etc.

  • Hands on experience with Splunk as an Analyst, Security Engineer, or Content Developer

  • Knowledge of Splunk configuration files, system log files, architecture, related tooling and automation, etc.

  • Experience with Splunk Cloud

  • Intermediate knowledge in Splunk SPL Search query language

  • Experience with Splunk Alert and Report building

  • Experience with Splunk App and Technology Add-On concepts

  • Experience with Splunk Lookup Tables

  • Experience with Splunk Inputs Data Manager instance a bonus

  • Experience with Okta SSO

  • Experience with Incident Response workflow

  • Experience with syslog engines

  • Experience with VPN

  • Experience with Web Content Filters

  • Experience with EDR tools

  • Experience with Threat Intelligence Platforms

  • Experience with multiple log data sources

  • Knowledge tuning and building Correlated Searches a bonus

  • Knowledge of Unix CLI and proficiency with a scripting language(s) such as:  Python, Perl, Bash, PowerShell

  • Intermediate understanding of Active Directory (users, groups, computers), DDNS, Group Policy (GPO), Microsoft Windows Server and Desktop operating systems, Linux, MacOS

  • Knowledge of multiple security tools for both Cloud and On-Prem scenarios

  • Knowledge of AWS (Amazon Web Services), GCP (Google Cloud Platform), Azure, or other cloud platforms and related technologies

  • Knowledge of Content Delivery Networks (CDN), Web Application Firewall (WAF), Bot Management and Distributed Denial of Service (DDOS) tooling

  • Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance

  • General understanding of security fundamentals (cryptography, least privilege, segregation of duties, …) and general security technologies, including operating systems, network security (firewalls, VPNs, EDR, Web Content Filtering, etc.), security incident and event management, business continuity, physical security, identity management, etc. 

  • Maintain knowledge of new and emerging tools, tactics and techniques that may post threats and risks to the organization. Advise and implement threat mitigations 

  • Research, recommend, and implement changes to enhance systems security and develop appropriate security controls to address vulnerabilities found during assessments 

  • Ability to write regular expressions and queries

  • Excellent organization skills, accuracy, attention to detail, and ability to multitask

  • A strong passion and ability to learn and work in a fast paced and dynamic environment

  • A self-starter and team player, who requires minimal guidance to garner results

  • Strong Work Ethic, including consistent documentation and tracking of activities

  • Strong verbal and written communication skills, and the ability to describe highly technical concepts in non-technical terms


Equipment Knowledge: 

  • Security information and event management (Splunk) systems

  • Experience working with and setting up alerts and queries in Splunk

  • Experience with cloud, systems, email and network security

  • Experience with containers (Docker, Kubernetes, …) desired

  • Experience with various tooling in the Information Security space

  • Knowledge of IT/Information Security Audit and assessment 

  • Knowledge of PCI DSS and EU GDPR

  • Knowledge researching, analyzing and recommending information security solutions

  • Knowledge of information security practices and concepts including firewalls, intrusion detection/prevention, EDR, NetFlow analysis, access controls, risk analysis, vulnerability scanning, web content filtering, web proxy systems, DFIR, application whitelisting and data encryption

  • Security awareness and enterprise phish testing systems

  • Experience with Microsoft Office Suite (e.g., Word, Excel, PowerPoint, etc.)

  • Experience with Google Business Suite (e.g., Gmail, Drive, Docs, Sheets, Forms. etc.) preferred


Experience Requirements:


Generally, requires a minimum of three (3) years of general work experience and one (1) year of relevant experience in functional responsibility. A minimum two (2) years of experience utilizing, architecting, configuring, deploying, and customizing Splunk.


Education Requirements: 


BA/BS or MA/MS in Engineering, Computer Science, Information Security, or Information Systems, or comparable training/experience, or a combination of education and equivalent work experience. Splunk Architect or Splunk Administrator certification preferred


At iHerb we strive for innovation, targeted at delivering a customer-centric experience while transforming the online shopping experience. We change direction and define ourselves in the idea that individually we are incredible but united our growth is infinite and paramount to our success. iHerb strives to be the global industry leader!

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Apply for this Job

* Required

U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at iHerb are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition for example, migraine headaches, Parkinson’s disease, or Multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

1Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of Federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.