iHerb is a multi-channel retailer of vitamins, nutrition, supplements and natural products. With over 30,000 products on our website and distribution to over 150 countries we are disrupting the E-Commerce industry with our low costs and quick delivery. Located in the business capital of Orange County, iHerb-Technology is less than 15 minutes from the beautiful California coast. We are a thriving company, only looking for the best talent. We are looking for dedicated employees to help expand our business.
We are a highly distributed e-commerce company with several different in-house developed systems that deal with the huge volume of data flowing throughout the system. We are looking for a Vulnerability Management Engineer to join our growing security division.
- You are a subject matter expert in systems engineering, network architecture and security tooling
- You can use both automated scanners and manual penetration testing to assess the security posture of the environment.
- You can document policies, standards and processes related to Vulnerability Management, and keep them current.
- You can keep track of remediation of vulnerabilities as they are handed off to the other teams. Where needed, you can update or create documentation for the overall Vulnerability Management Program, use of security tools, such as SOPs, architecture documentation,
- You will support our compliance programs (such as PCI) by helping implement and document controls and examining evidence for compliance with standards.
- You can run scans and penetration tests.
- You have 3-5 years of experience in Information Security
- You have a Bachelor’s Degree in Information Technology, Information Security, Computer Science, or related fields
- Advanced industry certification strongly desired, e.g. SANS GIAC, CompTIA Security+, CISSP, CISM, Certified Cloud Security Professional (CCSP), Certified Ethical Hacker (CEH)
- Prior experience in Vulnerability Management and its related processes and procedures.
- Possess an understanding of PCI Compliance and EU GDPR Requirements
- Strong knowledge of multiple security tools for both Cloud and On-Prem scenarios.
- Good knowledge of AWS (Amazon Web Services), GPC (Google Private Cloud), Azure, or other cloud platforms and related technologies is strongly desired.
- Strong knowledge of SIEM, such as Splunk, and related tooling and automation.
- Strong knowledge of Vulnerability Management solutions.
- Provide support for strategic business process/reengineering consulting as appropriate and work on multiple technically complex high profile projects.
- Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance.
- General understanding of security fundamentals (cryptography, least privilege, segregation of duties,…) and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, physical security, identity management, directory services, etc.
- Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop
What we offer:
- An opportunity to get involved and build the tech foundation in a highly elastic distributed system deployed across 17 different datacenters in 3 different clouds.
- Competitive compensation
- Growth potential. We rapidly advance team members who have an outsized impact.
- Flexible vacation policy.
- Equity award program