Senior Security Engineer

The Honest Company   •  

Playa Vista, CA

Industry: Retail & Consumer Goods

  •  

8 - 10 years

Posted 125 days ago

This job is no longer available.

The Role

The Honest Company is looking for a Senior Security Engineer to join our dynamic Technology team. In this role, you’ll be responsible for selecting and designing application security controls across a range of technologies with a focus on networking, application development in the Cloud, and embedding security principles into projects. You’ll perform technical and operational tasks to design, develop, implement and maintain information security solutions using technologies and processes to uphold the confidentiality, integrity and availability of The Honest Company’s information assets. The Security Engineer will work across teams and will collaborate closely with the Information Technology team to deliver solutions for the company business, consistent with the enterprise Information Security strategy.

What You’ll Do:

  • Manage the support and ongoing capabilities of a SIEM (Security Incident and Event Management)
  • Lead the analysis of the intrusion prevention system (IPS) events and escalate as needed
  • Leads PCI compliance assessment, provides documents and address issues found in a timely manner to ensure compliance with credit card networks
  • Provide forensic analysis of security violations
  • Conduct periodic self-assessment and gap analysis related to information security controls and manage the remediation to correct the gaps
  • Verify network, wireless and firewall security systems by conducting reviews and policy assessments.
  • Review network changes relevant to security design including wireless network
  • Document and execute integration processes and standards
  • Document and report performance measurements for information security related products in service
  • Conduct system security and vulnerability analyses and risk assessments
  • Implement, and model security practices for enterprise & cloud environments using an intelligence and threat-driven defense model
  • Clearly articulates vulnerabilities and remedies to technical and non-technical audiences
  • Support in designing, implementing, deploying, and maintaining systems with security best practices and controls embedded from inception and throughout their lifecycle
  • Interact with technology teams to understand business imperatives, document use and abuse cases, and generate security requirements
  • Leverage technical understanding of vulnerabilities and exploits using knowledge of secure application development & cloud deployments to select and implement appropriate controls
  • Articulate system compromise and abuse scenarios based upon an understanding of security weaknesses and vulnerabilities
  • Produce threat models and attack trees as part of security engagements
  • Determine technical solutions to address security weaknesses and work with relevant stakeholders to implement them
  • Escalate and brief senior management on issues affecting technology delivery
  • Performs other related duties as assigned or requested

You’ll love this job if you are:

  • A strong communicator and collaborator. You work effectively with all members of the organization, from individual contributors to top execs
  • Dedicated and fast-moving. You’re known to operate with passion, urgency, focus, and discipline
  • A talented juggler. You successfully manage competing priorities, and you make it look easy
  • Results oriented and a self starter. You love to exceed set goals and take on new projects
  • The definition of integrity. You represent and inspire the highest ethical standards.
  • Adaptable and ambitious. You will enthusiastically take on other assignments as needed to support your team!

What You’ll Need:

  • 7+ years of hands-on experience managing IT systems and infrastructure
  • 5+ years experience in information security
  • Thorough in-depth technical and engineering knowledge of Information Security tools, practices, policies and processes in a multi-vendor environment
  • Experience with system security design, maintenance and testing, with in depth technical knowledge of technologies to defend from hackers and breaches, information processing platforms, operating systems and networks, wireless technologies, security technology associated with networking infrastructure components, remote access products, single sign-on, multi-factor authentication, biometrics, firewalls, computer system architecture, auditing techniques and risk analysis principles
  • Strong understanding of and experience in TCP/IP networking protocols, firewalls, local area network, VoIP, VPN, security assessments, access control, HTTPS, SSL, SSH, DNS, S/FTP, DMARC, and DKIM
  • Experience securing SalesForce Commerce Cloud (SFCC)
  • Experience in securing Amazon Web Service (AWS) and its security tools
  • Hands on experience with Windows, Mac, Linux operating systems, and their associated Command Line Interfaces and shell scripting
  • Hands on experience in managing Active Directory, LDAP, security groups, federated SSO (SAML, OAuth/OpenID), and Okta Federated SSO, policy management and apps integration
  • Knowledge of cloud and enterprise scanning tools (e.g., evident.io, whitehat.com, SecurityCenter, tenable.io), log monitoring software, vulnerability management tools, and database vulnerability and monitoring tools.
  • Knowledge of PCI Compliance and associated requirements
  • Experience configuring and managing IDS/IPS and MSSP systems, anti-malware, anti-virus detection software; experience with IPS and NGAV system and forensics is a plus
  • Working knowledge of design, implementation, and maintenance of security incident and event management (SIEM)
  • Experience managing risk using the NIST Risk Assessment Framework

Bonus points for certifications in:

  • CISSP, GIAC, GISP, GSEC, SSCP, GISF, CBCP, CISCO