Sr. Security Engineer

HELP US BRING THE GIFT OF HEALTH TO LIFE.

Working at Pharmavite is an experience like no other. With a focus on complete nutrition for all, each endeavor is urgent and every day counts. You'll have the opportunity to work on the #1 selling national vitamin and supplement brand, Nature Made, as well as an exciting portfolio of other products that are shaping the future of the healthy living industry. Consumer-driven innovation, high quality products and a promising portfolio, all driven by a team with a shared sense of purpose -- that's Pharmavite. Join us to bring the gift of health to life.

This role is not available for sponsorship, including I-983 participation. 

Position Summary: 

The Senior Security Engineer plays a key role in safeguarding our organization's digital assets and ensuring the integrity, confidentiality, and availability of our systems and data. This position demands a deep understanding of cybersecurity principles, technologies, and best practices, along with the ability to implement and manage robust security solutions. This individual is responsible for implementing, monitoring, and measure the necessary standards, controls, and procedures to protect the organization’s technology systems. Protecting the company from unauthorized access, modification, or destruction. The individual is responsible for maintaining integrated programs to protect the integrity, confidentiality, and availability of the organization’s technology infrastructure and information resources. 

Critical success factors for this role: 

• Expected to establish and execute a structured approach to analyzing security alerts and potential incidents.  
• Lead day-to-day investigation of security alerts, identifying and assessing potential threats, unauthorized activity, and policy violations. Serve as Incident Response Team lead for high-severity incidents and potential breaches, driving coordinated response efforts including containment, remediation, communication, and post-incident review. 
• Respond to information system security incidents, including investigation of, countermeasures to, and recovery from computer-based attacks, unauthorized access, and policy breaches.  
• Collaborates with leadership, IT teams, and other departments to align and execute security priorities and initiatives with business objectives.  
• Conduct regular vulnerability assessments and penetration tests to identify and remediate security weaknesses. Implement and manage vulnerability management programs to ensure timely patching and mitigation of vulnerabilities. 
• Develop and deliver security awareness training programs to educate employees on cybersecurity best practices and raise awareness of emerging threats. Foster a culture of security across the organization. 
• Provide guidance and support to IT and business stakeholders on security-related matters. Collaborate with cross-functional teams to integrate security into the organization's processes and projects from inception to completion. 

Responsibilities: 

• Provide front-line support for all information security-related issues, guiding secure infrastructure deployments and consulting on secure application development. 
• Manage SSL certificates and encryption keys. Monitoring and responding to emerging threats.  
• Lead security compliance efforts across partner organizations, performing risk analysis on large-scale compliance/remediation efforts, partnering with legal and other business units as needed.  
• Coordinate security compliance efforts by performing regular application and infrastructure vulnerability assessments, evaluating, and recommending operating systems and application patches. Review and recommend new security products as necessary.  
• Conducts regular audits of systems to ensure security standards and processes are being followed. Participates in and leads internal and external security audit interactions. 
• Conduct thorough risk assessments to identify potential security vulnerabilities and threats. Develop risk mitigation strategies and prioritize security controls to address high-risk areas effectively.  
• Ensure compliance with relevant regulations, standards, and frameworks by conducting security audits and assessments. Develop and enforce security policies, procedures, and guidelines to align with regulatory requirements and industry best practices. 
• Provides consultancy to internal customers on risk assessment, threat modeling, and fixing vulnerabilities. Collaborates with peers and user communities to define projects and prioritize resources. 
• Contributes to the development of security policies and processes and fosters a culture of security awareness among employees through regular training programs and communication initiatives.  
• Stay abreast of emerging technologies and trends in cybersecurity and evaluate and implement appropriate solutions to address evolving threats. 

Education: 

• Requires a four (4) year college or university degree in Computer Science, Business Administration, or related field and/or relevant equivalent experience. An advanced degree is desired.  

Certification: 

•  CISA, CISM, GSEC, CISSP, and/or other security certifications preferred. 

Experience: 

• Minimum of 6 years of experience in enterprise cybersecurity with a proven track record of leading security initiatives, managing security projects, and providing strategic guidance on security matters.  Minimum of 3 years of experience with secure data handling methodologies, data leakage prevention, and development. 

Knowledge/Skills/Abilities: 

• Deep understanding of cybersecurity principles, technologies, and best practices, along with strong analytical and problem-solving skills. 
• An understanding of the organization's industry, business model, and objectives is crucial for aligning security efforts with business goals. Ability to articulate how security initiatives support the organization's overall success. 
• Technical knowledge across a broad spectrum of security engineering, including systems and network security, database security, authentication and security protocols, cryptography, and application security (including secure code development techniques). 
• The ability to develop and execute cybersecurity strategies that align with business objectives and can anticipate future threats and develop proactive measures to mitigate risks. 
• Deep knowledge of risk management principles and practices, and adept at assessing cybersecurity risks, implementing controls to mitigate those risks, and effectively managing incidents when they occur. 
• Strong technical background in areas such as network security, cloud security, cryptography, and penetration testing. Understanding of the technical aspects of security and the ability to effectively communicate with technical teams.  
• Hands-on experience leading one or more of the following functions: GLBA/privacy, third-party risk management, cyber resilience planning/response, or strategy/board reporting. 
• Detailed understanding of network and web-related protocols (e.g., TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols). Knowledge of industry-standard security methodologies. 
• Broad and current knowledge of regulatory and voluntary standards for information security and privacy. 
• Background in selecting and partnering with external partners on technology development and ongoing support. 
• Exceptional communication skills and the ability to facilitate crucial conversations at all levels of the organization. 

Physical Requirements: 

• General office environment, ability to sit for long periods of time.  Ability to move about an office. 

Environment: 

• Exposure to disagreeable elements is negligible. 

Safety: 

• The incumbent must be able to perform this job safely without endangering the health or safety of self or others. 

Supervisory Responsibility: 

• The incumbent may have direct supervisory responsibility for highly technical managers and staff.  

OUR OFFER

Here, career paths aren't predefined, and bureaucratic limitations don't exist -- you have the opportunity to grow, learn from industry pioneers, and develop the way you want to. Pharmavite is investing more in the development of our team -- to help us deliver on our purpose and help you achieve your career aspirations. Our environment is geared to fuel curiosity, encourage experimentation, and generate learning as this is the way we develop ourselves and our organization.

Pharmavite is committed to meeting the needs of our employees and their families with a Total Rewards package that's as comprehensive as the vitamins and supplements we deliver to consumers. With competitive compensation programs and standout benefits, we provide employees with optimal health and well-being -- as well as peace of mind. These rewards -- plus our new recognition program -- ensure employees feel supported both at work and home.

National Target Base Pay Range: $112,000.00 - $190,000.00 

The salary range for this position is based on national standards. For candidates in California and the New York metro, the Target Base Pay Range is $124,000.00 - $212,000.00, to reflect the cost of living and market conditions in those areas. 

Actual compensation will take into account a wide range of factors that are unique to each candidate, including but not limited to geographic location, education, experience, qualifications and job-related skills. It is not typical for an individual to be hired above the midpoint of the range for their role, and compensation decisions depend on the facts and circumstances of each case. This information is provided to applicants in accordance with state and local laws. 

Base pay is only one component of our total rewards offerings, and we will take the full offering into consideration when presenting an offer of employment.  Our total rewards package for this position may also include an annual performance bonus, Medical, dental, and vision benefits, 401K match, and other wellness benefits.  

Visit Pharmavite.com/careers to learn more about our mission and discover an opportunity that's right for you. Health and wellness begins with us.

Pharmavite is an equal employment and affirmative action employer F/M/Disability/Vet/Sexual Orientation/Gender Identity. All qualified applicants are encouraged to apply and will receive consideration for employment without regard to their protected veteran or disabled status, or any protected status. We do not discriminate in employment based on race, color, religion, age, sex, sexual orientation, gender identity, national origin, or any other basis covered by applicable law. All employment is decided based on qualifications, merit, and business need.

Disclaimer

The above information on this description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties, responsibilities and qualifications of employees assigned to this job.

CALIFORNIA FAIR CHANCE ACT:

Qualified Applicants with arrest or conviction records will be considered for Employment in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

JOB ALERT FRAUD:

We have become aware of scams from individuals, organizations, and internet sites claiming to represent Pharmavite in recruitment activities in return for disclosing financial information.

Our hiring process does not include text-based conversations or interviews and never requires payment or fees from job applicants. All of our career opportunities are regularly published and updated on Pharmavite.com’s Careers section.

If you have already provided your personal information, please report it to your local authorities. Any fraudulent activity should be reported to: recruiting@pharmavite.com.

#WIM