Junior Security Architect
Job Summary:
The Junior Security Architect executes routine information security architecture activities related to standards, documentation, design, integration, deployment, monitoring, analyzing, and improving systems. With guidance from management and senior team members, supports the implementation and maintenance of appropriate application and information security standards, procedures and products. Assists senior staff in the evaluation, development, implementation and operational aspects of security standards, procedures and guidelines for multiple platforms and diverse systems environments. This role follows the architecture track for career advancement and partners with our infrastructure and development teams to ensure architectures are sound, conform to standards and are built efficiently and securely.
Job Expectations:
Assist in security reviews of architectures, ensuring standards are adhered to, documenting standards
Respond to security events, analyze flagged events, and partner with others in the security team to research the patterns of those events
Understand the active incident detection and response patterns in order to facilitate building automation and architecture to remediate and reporting
Learn to configure and tune tools related to monitoring security
Assist in managing remediation of any findings from internal or external assessments
Perform security reviews on request of new modules, components, systems and integrations
Assist in SOAR (Security Orchestration and Automated Response) , utility and script development to improve automation around threat identification and threat hunting
Research, validate and deploy solutions meeting security and business needs
Integrate and support security tools
Remain current with new security threats and assess systems to ensure they can defend the business
Constantly research capabilities of current and new disruptive solutions on the market and make recommendations to security leadership
Create and maintain, with guidance, architectural models and architectural threat models of systems
Possess a DevOps focus across technology and security architecture, automation, integration and distribution
Support our compliance programs (such as PCI-DSS) by helping implement and document controls, examining evidence for compliance to standards and perform recurring pen-tests of applications in scope
Conduct engineering performance testing to stress the limitations of security solutions while at the same time ensuring business innovation and day-to-day processes are not negatively impacted
The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.
Knowledge, Skills and Abilities:
Required:
Ability to work in a fast paced, rapidly changing environment and a strong desire to learn
Current understanding of modern DevOps practices, software design patterns and architectures
Experience with prevalent cloud environments (e.g. AWS, GCP, Azure, …)
A working knowledge of application security practices and concepts including intrusion detection/ prevention, authentication, authorization and access controls, risk assessment, vulnerability mitigations, code integrity, and data encryption
Understanding of PCI-DSS and EU GDPR
Knowledge researching, analyzing and recommending information security solutions
High degree of accuracy and attention to detail
Excellent organizational skills and ability to multitask
Experience with agile development and introducing product security stories
Ability to drive security efficiencies, enabling security team members to work on more advanced tasks
Experience designing or reviewing designs of resilient systems in public and private clouds including containerized workloads
Experience with various tooling in information security
Equipment Knowledge:
Experience with Microsoft Office Suite (Word, Excel, PowerPoint)
Experience with Google Business Suite (Gmail, Drive, Docs, Sheets, Forms) preferred
Experience Requirements:
Generally two (2) or more years experience within information security. Experience in cloud environments strongly preferred ( AWS, GCP, Azure, etc) and some experience identifying, assessing, and remediating technical security vulnerabilities preferred.
Education Requirements:
Bachelor’s Degree or higher in Information Technology, Information Security, Computer Science, or a related field strongly preferred. Advanced industry certification, e.g. CCSK, CCSP, TOGAF, Offensive Security Certified Professional (OSCP), Offensive Security Web Expert (OSWE), CISSP, preferred. A demonstrable strong experience may be considered as a replacement for a college degree.
#LI-KF1
At iHerb we strive for innovation, targeted at delivering a customer-centric experience while transforming the online shopping experience. We change direction and define ourselves in the idea that individually we are incredible but united our growth is infinite and paramount to our success. iHerb strives to be the global industry leader!
iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.