Job Description

Description

Core Values:

CUSTOMER

F - Fearless & Fast …We are not afraid to fail! We embrace risk and drive change with urgency.

I - Inclusive …We honor, respect and encourage diversity and differences! We celebrate wins by collaborating, sharing goals, supporting each other and having fun.

R - Results Driven …We are passionate about customers and business results! We achieve results through talent nurturing, intentional goal setting, data-driven decisions and execution.

S - Serve Communities …We give back to the communities to which we owe our success! Our customers, colleagues, partners, family, friends and neighbors.

T - Trust & Accountability …We empower and hold each other accountable to deliver on commitments, and trust each other’s positive intent.

Our Mission:

To help people change their life and become their best self!

GENERAL DESCRIPTION

The Senior Security Engineer/Architect will serve as subject matter expert and have the responsibility for ensuring that proposed system security designs follow Bodybuilding.com security polices, standards, and regulatory requirements.

RESPONSIBILITIES/ TASK

  • Establish security guidelines, policies and practices for Bodybuilding.com's internal and customer facing infrastructure.
  • Audit and evaluate aspects of IT security, operational security, systems security, and software security.
  • Perform reviews of approved security architectures, systems and environments to confirm compliance with information security policies, standards and processes.
  • Provide security design consulting to company lines of business
  • Maintain expert proficiency in emerging trends in information security.
  • Follow-up on implementation of corrective actions from engineering design reviews, assessments and incidents, and provide direct guidance for security remediation activities.
  • Communicate effectively about technical security issues and translate into terms that are understood by business stakeholders.
  • Lead incident response team in the event of a security incident
  • Proactively threat hunt for indicators of compromise
  • Regularly update executive teams regarding security improvements and projects
  • Provide new hire orientation security training and quarterly employee security training

QUALIFICATIONS

  • Hands on experience with enterprise security architecture, engineering and implementation.
  • Strong knowledge of securing AWS Cloud architectures
  • Expert-level knowledge of Application-Layer Firewalls, Cloud-based Web Application Firewalls, IDS/IPS systems, URL filters, malware sandboxes, and network segmentation/protocols.
  • Experience with web application scanning tools (Tenable, Rapid7 Nexpose, Qualys)
  • Experience with attack proxy configuration and usage (BurpSuite or OWASP ZAP)
  • Experience with manual web application testing techniques (XSS, CSRF, SQLi, RFI, LFI, etc)
  • Expert-level knowledge in Linux system administration
  • Knowledge of database security principles
  • Strong knowledge of encryption technologies and architectures
  • Experience with logging and log analysis tools such as ELK
  • Experience with identity and access management principles and technology
  • Experience with security tools, including anti-malware/anti-exploit, endpoint detection and response, user awareness platforms, data-loss prevention, and cloud access security brokers.
  • BA or BS degree in CS, Information Systems or 10 Years relevant experience
  • Understanding of PCI compliance and how it relates to E-Commerce companies

Skills and ability: strong organizational skills; detail-oriented, highly proactive, able to work with a minimum direct-supervision, and strong communication skills. Comfortable working in a fast-paced environment.

Bodybuilding.com offers its employees several benefits such as: health, dental and vision insurance; 401(k); Competitive bonuses; Gym Membership Reimbursement; Employee Discount

Bodybuilding.com is an Equal Opportunity Employer. The above information has been designed to indicate the general nature and level of work performed by employees in this classification. It is not designed to contain or to be interpreted as a comprehensive inventory of all duties, responsibilities, and qualifications required of the employee assigned to this job.

Application Instructions

Please click on the link below to apply for this position. A new window will open and direct you to apply at our corporate careers page. We look forward to hearing from you!

Apply Online