Back to jobs
I

Sr. Security Engineer II

Home Office (CA)Posted Yesterday
Full-timeonsite

Job Description

For A Better You

At iHerb, we believe that living a healthy and balanced life should be easy and accessible to everyone. As a team member, we’ll empower you to live this promise each day as you make a truly global impact in your career. 

We constantly strive for innovation, while transforming and improving the online shopping experience for our customers. We believe that individually we are incredible, but when we come together, our growth is infinite. In an industry that is constantly evolving, we are on a mission to make an impact on the global market, and the individual and collaborative efforts of our people are paramount to helping us succeed.

Whether you work in one of our logistics centers, technology hubs, corporate offices or even from home, your role at iHerb will take you beyond what’s expected, turning challenge into change. If you're ready for it, we want you to join our team. Get started now.



About the Role

We are looking for a hands-on Security Automation Engineer and builder who thrives on creating automated, secure cloud environments and scaling security operations. You will design and maintain infrastructure-as-code, cloud security automations, and modern security tooling — with a strong focus on AWS, Splunk Enterprise Security, Splunk SOAR, and Okta Identity. This role combines deep cloud infrastructure expertise with security orchestration and identity management to strengthen our overall defensive posture.

Key Responsibilities

  • Design, develop, and maintain automation frameworks and scripts (Python, Bash, Terraform) to streamline security processes and workflows.

  • Deploy and manage secure, scalable infrastructure on AWS using Terraform via Scalr and Harness, with additional presence in GCP and Azure.

  • Build, support, and optimize AWS Step Functions, Lambda, and EventBridge workflows from a centralized tooling account that operates across multiple spoke accounts in the AWS Organization.

  • Maintain Kubernetes clusters using Helm charts, including in-house security automations on pods that integrate with CSPM tools and Jira ticketing processes.

  • Develop and enforce cloud security guardrails using OPA, Guardrails, Service Control Policies (SCPs), IaC security gates, and tag policies.

  • Architect, build, and maintain Splunk Enterprise Security (ES) integrations, including onboarding log sources, managing indexes, tuning correlation searches, and configuring automated response actions.

  • Design and implement Splunk SOAR playbooks to automate security tasks, reduce Mean Time to Respond (MTTR), and scale SOC capabilities.

  • Serve as the subject matter expert for Okta Identity Engine (OIE) — building and managing scalable SSO policies, modern authentication (SAML/OIDC), and identity lifecycle processes.

  • Leverage AWS security services (GuardDuty, Macie, IAM, Control Tower, KMS, CloudTrail, EventBridge) to build event-driven automations for threat detection and response.

  • Own the in-house Jira management process for CSPM findings and the supporting data pipeline that feeds AWS QuickSight dashboards.

  • Collaborate with cross-functional teams (Dev, Platform, Security, and SOC) to integrate security automation into CI/CD pipelines and shift security left.

  • Conduct risk assessments, enforce security best practices, and continuously improve our defensive posture through automation and tooling.

  • Monitor, troubleshoot, and optimize cloud infrastructure and security systems to ensure high availability, performance, and compliance.

  • Stay current with AWS best practices, security trends, and emerging technologies to drive continuous improvement.

Required Skills & Qualifications

  • 10+ years of experience.

  • Strong hands-on experience with:

    • Terraform, Kubernetes (EKS + Helm), Docker, and scripting in Python & Bash

    • AWS services including Step Functions, Lambda, EventBridge, GuardDuty, Macie, IAM, Organizations, and QuickSight

    • Policy-as-code tools (OPA, Guardrails, SCPs) and IaC security scanning

    • Splunk Enterprise Security (ES) administration, log onboarding, correlation search tuning, and automated responses

    • Splunk SOAR playbook development and automation

    • Okta Identity Engine (OIE), SSO, SAML, and OIDC protocols

  • Proven ability to work independently with minimal supervision while collaborating effectively with cross-functional teams and providing technical guidance.

  • Experience designing automation solutions that reduce MTTD and MTTR.

  • Solid understanding of cloud security principles, compliance frameworks, and secure infrastructure design.

Preferred Qualifications

  • Experience with Scalr, Harness, or similar IaC deployment platforms.

  • Familiarity with GCP and/or Azure cloud environments.

  • Prior experience integrating security tools with Jira and building data pipelines for visualization (QuickSight or similar).

  • Security certifications (AWS Security Specialty, CKS, Splunk-related certifications, or Okta certifications) are a plus.

#LI-JC1


Compensation:

The expected salary range for this role is $162,000.00 - $190,000.00 USD. The actual base pay offered will be determined by factors such as the candidate's relevant experience, education, geographic location, and internal equity.

If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us!


Staffing Agency Submission Notice
iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to [email protected]. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization.


iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Sr. Security Engineer II at Iherb | Renata