Job Summary:

The Senior Information Security Engineer specializing in Infrastructure Security is a pivotal role within our organization, responsible for implementing and administering information security policies, practices, procedures, and technologies. This role ensures the protection of networks, systems, applications, facilities, and data. The Senior Information Security Engineer collaborates with various teams to define and enforce security best practices, conduct risk assessments, implement security controls, and ensure compliance with industry regulations and laws. The Senior Information Security Engineer will have an active role in supporting and conducting SOC “Blue Team” operations responsibilities including continuous monitoring, alert analysis and triage, incident response, threat intelligence, and more.


Job Expectations:

  • Research, recommend, and implement changes to procedures and systems to enhance data systems security, addressing vulnerabilities found during assessments.
  • Advise users on security best practices and recognize potential threats and risks, including intrusion detection and threat mitigation.
  • Monitor reports, conduct analysis on internet access, connectivity, and threats.
  • Configure and manage firewalls, review vendor solutions, and provide best practices for firewall utilization.
  • Automate repetitive tasks by reconciling data from multiple sources and creating scheduled tasks using code.
  • Conduct technical information security assessments for networks, systems, applications, and databases.
  • Complete internal and external audits for regulatory compliance, working with other business units.
  • Participate in audit response management and provide ongoing guidance on achieving and maintaining security compliance.
  • Coordinate and conduct Risk Assessments according to client policies and standards, collaborating with the business on risk remediation.
  • Support continuous monitoring, incident response, threat intelligence, and other SOC/“Blue Team” responsibilities
  • Assist with incident response as events are escalated, including triage, remediation, and documentation.
  • Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
  • Evaluate SOC policies and procedures and recommend updates to management as appropriate.


Knowledge, Skills, and Abilities Required:

  • Strong understanding of security standards and compliance requirements, especially PCI DSS and CIS Center for Information Security Benchmarks.
  • Proficiency in intrusion detection systems, firewalls, vulnerability scanners, encryption technologies, and antivirus software.
  • Knowledge of identity management processes and project management skills.
  • Experience with incident response program management and strategic business process consulting.
  • In-depth understanding of IT operational policies, processes, and methodologies related to governance, risk management, and compliance.
  • Broad knowledge of security fundamentals and technologies, including operating systems, network security, security event management, business continuity, and identity management.
  • Familiarity with LANs, WANs, Microsoft Active Directory, Windows server, desktop operating systems, DD, SQL Server, GWS and other web services.
  • Proficiency with Cloud Platforms such as AWS, GCP, Azure, and Alibaba Cloud.
  • Bachelor’s degree in related field of study or equivalent work-related experience 
  • 4+ years of experience in system, network, cloud security, and risk management.
  • Good experience with a wide range of AWS tools, AWS native Security Services, and practical experience with AWS cloud.
  • Experience implementing security practices in CI/CD environment – Ansible, Harness, Jenkins, etc.
  • Hands-on experience with Python and Infrastructure as Code for cloud environments.
  • Excellent problem-solving and analytical skills, with the ability to work independently and make sound judgments.
  • Able to identify, troubleshoot, and resolve problems quickly using sound judgment and diplomacy.
  • Capable of prioritizing tasks and escalating issues when necessary.
  • Adaptable to changing tasks and deadlines, with the ability to work independently with minimal supervision.
  • Excellent at multitasking, and open to constant learning
  • Experience with Blue Team and/or Red/Purple Team and/or MSSP experience preferred.
  • Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS)
  • Experience with Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
  • Understanding of AWS services: EC2, VPC, IAM, AWS Systems Manager, etc.

Preferred Qualifications:

  • Bachelor’s Degree in Computer Information Systems, Computer Science or equivalent.
  • Professional Certifications in related field (OSCP, OSEP, CISSP, CEH, CompTIA Security+, AWS Certifications, GSEC, CCSP, GCIH, etc).
  • Knowledge of PCI DSS and e-commerce.
  • Strong self-management skills, ability to prioritize workload, and work effectively in a team environment.
  • Up-to-date expertise in e-commerce.
  • Effective oral and written communication skills.


The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job.  Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.


The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work.  The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc.  iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations.

Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year.  Eligibility requirements for these benefits will be controlled by applicable plan documents.

Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.
For more information on iHerb benefits, visit us at

Anticipated Pay Scale:
$162,190$221,169 USD

Staffing Agency Submission Notice
iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization.

About iHerb
iHerb is on a mission to make health and wellness accessible to all. We offer Earth’s best-curated selection of health and wellness products, at the best possible value, delivered with the most convenient experience.

We’re the world’s largest eCommerce platform dedicated to vitamins, minerals, and supplements, and other health and wellness products. For more than 25 years, we’ve been making it simple for people all over the world to purchase the highest quality products. From supplements to skincare to grocery items, we ship over 30,000 products, from over 1,200 brands direct to our customers in 185+ countries.

Our vision is to become the #1 destination for health and wellness across the world.

With a passion for wellness and a mind for innovative solutions, iHerb team members share a vision for a healthier world that drives them each day. Our 5 Shared Values unite our global team:

Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly ·
Embrace Diversity & Inclusion · Strive for Simplicity

iHerb Benefits
At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well, and plan for their financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. For the comprehensive benefits list, visit For our international team members, you may be eligible for benefits depending on the country where you are employed. The Talent Acquisition Partner/local HR representative will go over the benefits you are eligible for. 

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Apply for this Job

* Required

resume chosen  
(File types: pdf, doc, docx, txt, rtf)
cover_letter chosen  
(File types: pdf, doc, docx, txt, rtf)

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in iHerb’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Voluntary Self-Identification of Disability

Form CC-305
Page 1 of 1
OMB Control Number 1250-0005
Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

  • Alcohol or other substance use disorder (not currently using drugs illegally)
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
  • Blind or low vision
  • Cancer (past or present)
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or serious difficulty hearing
  • Diabetes
  • Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
  • Epilepsy or other seizure disorder
  • Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
  • Intellectual or developmental disability
  • Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
  • Missing limbs or partially missing limbs
  • Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
  • Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
  • Partial or complete paralysis (any cause)
  • Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
  • Short stature (dwarfism)
  • Traumatic brain injury

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Our system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our help center.
Please complete the reCAPTCHA above.