Security Engineer (Contract)

Job Description

Job Description

Why We Exist and What We Do :

At Dr. Squatch (www.drsquatch.com), we're raising the bar on men's personal care with our line of natural, high-performance products. We're on a high-growth, fast-moving ride, continually introducing new product categories, launching into retailers nationwide, and growing internationally. We have been recognized and certified by Great Place to Work® multiple times, and we achieved status as a certified B Corp in 2023. We are looking for passionate, talented people who want to join us in our mission to inspire and educate men to be happier and healthier!

About the Role :

We're looking for a Security and Privacy Engineer to support our efforts on a contractual basis to support the eCommerce team in securing our Shopify storefronts, maintaining our consent management solution, and standardizing and automating enterprise permissions at scale. This contract is ideal for someone who thrives at applying consistent permission structures to inconsistent SaaS applications to improve and standardize security across the company.

This role will be accountable to the Associate Director, Cybersecurity & Privacy.

Ideally, this contractor should be in the Los Angeles Metropolitan area.

The contractor term is anticipated to be up to 30 hours per week for approximately 12 weeks.

What You'll Do :

Security Responsibilities

You'll be an embedded resource for our eCommerce and Data team and review our Shopify and GitHub environments to identify vulnerabilities and remediate the findings.

• You'll identify, classify, and remediate the high-risk findings to improve our website's security posture
• You'll deploy Aikido, train the teams on how to use it, and remediate the high-risk findings
• You'll encourage secure SDLC processes within the engineering team
• You'll be the security SME for the engineering team
• You'll help develop and secure our Shopify DTC storefront
• Collaborate with stakeholders on the Digital Product team to secure features in our software products

Privacy Responsibilities

You'll partner with our eCommerce and Legal teams to ensure our existing Consent Management solution is harmonized with our Shopify storefronts.

Identity & Access Management Responsibilities

You'll automate our identity and access management processes across cloud environments, SaaS platforms, and our enterprise stack. In-scope applications include Okta, NetSuite, Shopify, Looker, Snowflake, GitHub, and our social media websites.

Timeline

The extension will be mutually agreed upon and confirmed in two-week increments. The confirmation extension should be completed no later than two weeks before the anticipated end date. We estimate that this project should take 20-30 hours per week.

Deliverables

Ideal Contractor Skills & Experience

#LI-BD1 #LI-CONTRACT

Who We Are :

Our core values come naturally and make us a better, more whole, and unique team. We are Bold & Innovative - we are creative, rethink how things are done, and find a way. We Play to Win - we have high standards, we encourage ownership of work, we are scrappy, we act with urgency, and we invest in the outcome of our work. We are Team Squatch - we are humble, help others outside our own wheelhouse, stay positive, have fun, and have approachable and transparent leadership.

We offer a competitive salary in a growth-focused & collaborative team environment. Benefits include medical, dental, vision, 401k with Squatch match, and PTO. We also have great perks like healthy snacks, frequent company events, and of course, free products!

For Applicants with Disabilities. Reasonable accommodation will be made so that qualified applicants with disabilities may participate in the application process. If you need any accommodations during the hiring process, please let us know when you submit your application and we'll do our very best to adjust as needed.

For Information regarding Data Privacy , please review https : / / privacy.drsquatch.com / .

Unsolicited Resume Policy. Dr. Squatch ("DRSQ") employs an internal Talent Acquisition department. Exceptionally, DRSQ may choose to supplement that internal team with support from temporary staffing agencies, placement services, and / or recruiting agencies ("Agency"). Agencies are hereby specifically directed NOT to contact DRSQ employees directly in an attempt to present candidates. DRSQ's Talent Acquisition team is responsible for all candidate presentations to our hiring managers.

To protect the interests of all parties, Dr. Squatch will not accept unsolicited resumes from any source other than directly from a candidate. Any unsolicited resumes sent to DRSQ, including unsolicited resumes sent to a DRSQ email address or mailing address, directly to DRSQ employees, or to DRSQ's resume database will be considered property of Dr. Squatch.

DRSQ will not pay a placement, service or other fee for any placement resulting from the receipt of an unsolicited resume . This also includes partial resumes, LinkedIn profiles, general candidate profiles, and / or candidate details or information. DRSQ will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees.

DRSQ's Talent Acquisition team must provide advance written approval to an Agency to submit resumes and / or profiles for a specific job-opening, and the approval must be in conjunction with a valid fully executed staffing, placement or other service agreement. DRSQ will not pay a fee to any Agency that does not have a fully executed agreement in place prior to submission, receipt and placement of candidates.