Job Summary:

The Senior Information Security Engineer specializing in Infrastructure Security is a pivotal role within our organization, responsible for implementing and administering information security policies, practices, procedures, and technologies. This role ensures the protection of networks, systems, applications, facilities, and data. The Senior Information Security Engineer collaborates with various teams to define and enforce security best practices, conduct risk assessments, implement security controls, and ensure compliance with industry regulations and laws. The Senior Information Security Engineer will have an active role in supporting and conducting SOC “Blue Team” operations responsibilities including continuous monitoring, alert analysis and triage, incident response, threat intelligence, and more.

Job Expectations:

Research, recommend, and implement changes to procedures and systems to enhance data systems security, addressing vulnerabilities found during assessments.
Advise users on security best practices and recognize potential threats and risks, including intrusion detection and threat mitigation.
Monitor reports, conduct analysis on internet access, connectivity, and threats.
Configure and manage firewalls, review vendor solutions, and provide best practices for firewall utilization.
Automate repetitive tasks by reconciling data from multiple sources and creating scheduled tasks using code.
Conduct technical information security assessments for networks, systems, applications, and databases.
Complete internal and external audits for regulatory compliance, working with other business units.
Participate in audit response management and provide ongoing guidance on achieving and maintaining security compliance.
Coordinate and conduct Risk Assessments according to client policies and standards, collaborating with the business on risk remediation.
Support continuous monitoring, incident response, threat intelligence, and other SOC/“Blue Team” responsibilities
Assist with incident response as events are escalated, including triage, remediation, and documentation.
Investigate and document events to aid incident responders, managers and other SOC team members on security issues and the emergence of new threats.
Evaluate SOC policies and procedures and recommend updates to management as appropriate.

Knowledge, Skills, and Abilities Required:

Strong understanding of security standards and compliance requirements, especially PCI DSS and CIS Center for Information Security Benchmarks.
Proficiency in intrusion detection systems, firewalls, vulnerability scanners, encryption technologies, and antivirus software.
Knowledge of identity management processes and project management skills.
Experience with incident response program management and strategic business process consulting.
In-depth understanding of IT operational policies, processes, and methodologies related to governance, risk management, and compliance.
Broad knowledge of security fundamentals and technologies, including operating systems, network security, security event management, business continuity, and identity management.
Familiarity with LANs, WANs, Microsoft Active Directory, Windows server, desktop operating systems, DD, SQL Server, GWS and other web services.
Proficiency with Cloud Platforms such as AWS, GCP, Azure, and Alibaba Cloud.
Bachelor’s degree in related field of study or equivalent work-related experience
4+ years of experience in system, network, cloud security, and risk management.
Good experience with a wide range of AWS tools, AWS native Security Services, and practical experience with AWS cloud.
Experience implementing security practices in CI/CD environment – Ansible, Harness, Jenkins, etc.
Hands-on experience with Python and Infrastructure as Code for cloud environments.
Excellent problem-solving and analytical skills, with the ability to work independently and make sound judgments.
Able to identify, troubleshoot, and resolve problems quickly using sound judgment and diplomacy.
Capable of prioritizing tasks and escalating issues when necessary.
Adaptable to changing tasks and deadlines, with the ability to work independently with minimal supervision.
Excellent at multitasking, and open to constant learning
Experience with Blue Team and/or Red/Purple Team and/or MSSP experience preferred.
Experience working with SIEM systems, threat intelligence platforms, security automation and orchestration solutions, intrusion detection and prevention systems (IDS/IPS)
Experience with Amazon Web Services (AWS), Microsoft Azure, or Google Cloud Platform (GCP).
Understanding of AWS services: EC2, VPC, IAM, AWS Systems Manager, etc.

Preferred Qualifications:

Bachelor’s Degree in Computer Information Systems, Computer Science or equivalent.
Professional Certifications in related field (OSCP, OSEP, CISSP, CEH, CompTIA Security+, AWS Certifications, GSEC, CCSP, GCIH, etc).
Knowledge of PCI DSS and e-commerce.
Strong self-management skills, ability to prioritize workload, and work effectively in a team environment.
Up-to-date expertise in e-commerce.
Effective oral and written communication skills.

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

#LI-JC1

The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc. iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations.

Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year. Eligibility requirements for these benefits will be controlled by applicable plan documents.

Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.

For more information on iHerb benefits, visit us at iHerbBenefits.com.

Anticipated Pay Scale:

$162,190—$221,169 USD

Staffing Agency Submission Notice
iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to staffingvendors@iherb.com. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization.

About iHerb
iHerb is on a mission to make health and wellness accessible to all. We offer Earth’s best-curated selection of health and wellness products, at the best possible value, delivered with the most convenient experience.

We’re the world’s largest eCommerce platform dedicated to vitamins, minerals, and supplements, and other health and wellness products. For more than 25 years, we’ve been making it simple for people all over the world to purchase the highest quality products. From supplements to skincare to grocery items, we ship over 30,000 products, from over 1,200 brands direct to our customers in 185+ countries.

Our vision is to become the #1 destination for health and wellness across the world.

With a passion for wellness and a mind for innovative solutions, iHerb team members share a vision for a healthier world that drives them each day. Our 5 Shared Values unite our global team:

Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly ·
Embrace Diversity & Inclusion · Strive for Simplicity

iHerb Benefits
At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well, and plan for their financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. For the comprehensive benefits list, visit www.iHerbBenefits.com. For our international team members, you may be eligible for benefits depending on the country where you are employed. The Talent Acquisition Partner/local HR representative will go over the benefits you are eligible for.

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Apply for this Job

* Required

First Name *

Last Name *

Email *

Phone *

Location (City) *

Resume/CV *

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

Cover Letter

Dropbox Google Drive

(File types: pdf, doc, docx, txt, rtf)

Are you currently an iHerb Core Team Member? *

If you answered "Yes" that you are currently an iHerb core team member, what is your Employee ID? (say N/A if you are not currently an iHerb core team member) *

Have you previously been employed by iHerb as a Core Team Member? *

Do you have any relatives currently working at iHerb? *

If "Yes", please provide the name(s) of iHerb employee(s) you are related to. If "No", you can say N/A. *

How did you first hear about this position? *

Were you referred to this position by a current iHerb employee? If "Yes", please note that person's name below. If "No", you can say N/A. *

Are you currently, or have you ever been yourself or related related by blood, marriage or adoption to any officer, director or employee of PricewaterhouseCoopers (PwC) or any of its subsidiaries or affiliates (Price Waterhouse or Coopers & Lybrand)? *

Are you engaged in any business activities that would be in direct conflict with iHerb's business or customers? *

If "Yes" list business activities here. If "No", you can say N/A. *

Are you 18 or older? *

Please select the country of the position you are applying to. *

Are you legally authorized to work in the country where this job is located? Proof of legal authorization to work in-country will be required upon employment. *

Will you now, or will you in the future, require sponsorship for employment visa status (e.g., H-1B visa status; Transfer of Sponsorship, etc.) to work legally in the country where this job is located? *

What are your compensation expectations (gross) for the position you have applied for today? (enter numbers only) *

What is the name of your current company?

What is your current job title?

LinkedIn Profile

Careers Privacy Statement *

iHerb, LLC. and its subsidiaries, including iHerb Netherlands B.V. (collectively, "iHerb") collects personal information from you as part of its job application and recruitment process. The entity that is responsible for this information is the iHerb entity for which you apply for a job. The personal information you provide on this form will be used by iHerb to process your application and manage career opportunities at iHerb. This information also will be shared with our service providers who perform recruitment services on our behalf, including our service provider who operates this careers site on our behalf. For more information about our use of your personal information and the rights available to you under applicable law, please see our Careers Privacy Notice.

Employment Application - Certification *

I certify that all responses and attachments herein are true and complete to the best of my knowledge. I authorize the investigation of all statements and attachments in the application for employment, as may be necessary in arriving at an employment decision. In the event of employment, it is understood that false or misleading information given or attached in my application or interview(s) may result in discharge.

By typing my name below, I understand I am electronically signing the application and that this is a legal representation of my signature.

Voluntary Self-Identification

For government reporting purposes, we ask candidates to respond to the below self-identification survey. Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

As set forth in iHerb’s Equal Employment Opportunity policy, we do not discriminate on the basis of any protected group status under any applicable law.

Gender

Are you Hispanic/Latino?

Please identify your race

Race & Ethnicity Definitions

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to the Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.

Veteran Status

Voluntary Self-Identification of Disability

Form CC-305

Page 1 of 1

OMB Control Number 1250-0005

Expires 04/30/2026

Why are you being asked to complete this form?

We are a federal contractor or subcontractor. The law requires us to provide equal employment opportunity to qualified people with disabilities. We have a goal of having at least 7% of our workers as people with disabilities. The law says we must measure our progress towards this goal. To do this, we must ask applicants and employees if they have a disability or have ever had one. People can become disabled, so we need to ask this question at least every five years.

Completing this form is voluntary, and we hope that you will choose to do so. Your answer is confidential. No one who makes hiring decisions will see it. Your decision to complete the form and your answer will not harm you in any way. If you want to learn more about the law or this form, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

A disability is a condition that substantially limits one or more of your “major life activities.” If you have or have ever had such a condition, you are a person with a disability. Disabilities include, but are not limited to:

Alcohol or other substance use disorder (not currently using drugs illegally)
Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, HIV/AIDS
Blind or low vision
Cancer (past or present)
Cardiovascular or heart disease
Celiac disease
Cerebral palsy
Deaf or serious difficulty hearing
Diabetes
Disfigurement, for example, disfigurement caused by burns, wounds, accidents, or congenital disorders
Epilepsy or other seizure disorder
Gastrointestinal disorders, for example, Crohn's Disease, irritable bowel syndrome
Intellectual or developmental disability
Mental health conditions, for example, depression, bipolar disorder, anxiety disorder, schizophrenia, PTSD
Missing limbs or partially missing limbs
Mobility impairment, benefiting from the use of a wheelchair, scooter, walker, leg brace(s) and/or other supports
Nervous system condition, for example, migraine headaches, Parkinson’s disease, multiple sclerosis (MS)
Neurodivergence, for example, attention-deficit/hyperactivity disorder (ADHD), autism spectrum disorder, dyslexia, dyspraxia, other learning disabilities
Partial or complete paralysis (any cause)
Pulmonary or respiratory conditions, for example, tuberculosis, asthma, emphysema
Short stature (dwarfism)
Traumatic brain injury

Disability Status

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.

Our system has flagged this application as potentially being associated with bot traffic. Please turn off any VPNs, clear your browser cache and cookies, or try submitting your application in a different browser. If this issue persists, please reach out to our support team via our help center.

Please complete the reCAPTCHA above.

Sr. InfoSec Engineer (Infrastructure Focus)

Apply for this Job

Voluntary Self-Identification

Voluntary Self-Identification of Disability