IT Security Engineer

Plexus Worldwide

Clean wellness products and supplements to support weight loss, nutrition, skincare, and more. Plexus Worldwide - Founded in gut health. Experts in microbiome.

We’re hiring an Information Technology Security Engineer III!

About the position

Responsible for penetration testing a variety of environments based on methodical adherence to attack-scoring frameworks. Builds, deploys, and maintains new security automation and orchestration tooling to integrate scanning and monitoring for compliance within existing pipelines. Reviews and guides internal teams in developing more secure codebases, while educating them on best practices to build a strong “security-first” culture.

Who will love this job?

• A team steward: you are motivated to do your best work and strive to elevate the entire team.
• A creative problem solver: you are energized by roadblocks and have a knack for troubleshooting problems in stride and solving them in a calm, cool, and collected manner.
• An efficient worker: you enjoy having multiple priorities at one time and multitask without breaking a sweat.

What you'll do

• Conduct ongoing internal and 3rd party vendor penetration testing and auditing aligned with compliance and legal objectives.
• Perform threat modeling in accordance with OWASP Top 10, MITRE ATT&CK, and similar attack-scoring frameworks.
• Monitor, test, and proactively report on current threats and vulnerabilities to respective teams.
• Research and educate on emerging threats within similar environments and landscapes, along with offering remediation solutions for such.

Security Tooling, Automation, & Orchestration:

• Build, ship, and maintain various security packages to internal application codebases for automation.
• Identify vulnerable dependencies across the organization and work with individual teams to resolve them.
• Install preventative programmatic measures to mitigate repeat vulnerability occurrences.
• Integrate security monitoring within existing CI/CD pipelines. Working with Ansible and Jenkins is a plus.
• Build complex regex pattern identification scripts and parsing to identify potential injection attempts.
• Build and integrate APIs from disparate systems for orchestrated audits and scans.

Secure-SDLC (SSDLC) Guidance, Codebase Review & Support:

• Develop detailed security design and procedures across the enterprise to drive a standardized set of requirements and align with internal policies.
• Lead secure-SDLC and product security maturity efforts to adopt a shift-left approach to security.
• Conduct platform/service workload design and architecture reviews, as well as audit source code for compliance.

Monitoring, Logging, & Reporting:

• Parse a variety of debug logs for determining behavioral baselines to formulate granular internal policies and standards.
• Orchestrate log ingestion into tools and tune rulesets for advanced metrics reporting on enterprise-wide security posture.
• Build leaderboards and reporting interfaces on current and forecasted KPIs and risk indicators.

Other General Duties:

• Provide product security related coaching and mentoring to elevate security expertise of development teams.
• Take ownership of security decisions made in the engineering organization by helping organization members make clear decisions in alignment with organizational goals.
• Foster a company-wide positive culture by having conversations based on organizational strategy and principles to create alignment.
• Ensure security goals are understood and continuously worked towards across the organization.
• Take ownership and responsibility for organizational security practices and processes and their continuous improvement.
• Effectively handle risk, change, and uncertainty across the organization.
• Facilitate organization-wide discussions, ensuring that everyone has an opportunity to share their opinion and be heard.
• Actively advance a culture of documentation and knowledge sharing across the organization.
• Ability to work off-hours with occasional evenings, weekends, and/or holidays.

What you need to know

• Bachelor’s Degree in computer science or a related field or equivalent work experience.
• 8 years experience as a Software/Security Engineer or Architect.
• 8-10 Years of Development Experience in the following languages: Python, JS (Node, AJAX), Java, SQL, Linux Bash (or similar terminal languages), XML, YAML/JSON.
• 3-4 years of Docker and/or k8s, Ansible, Jenkins, Terraform, and AWS/Azure preferred. Deep and current experience with AWS/Azure architectural design patterns and application.
• Preferred Certification/ License: Any credentials from the following certification bodies: ISC2, ISACA, CompTIA, GIAC, AWS, Azure, TOGAF, SABSA.
• Expert knowledge and experience with Kali Linux tooling (Burp, ZAP, Metasploit, sqlmap, etc).
• Experience designing and implementing webhooks, SOAP, REST, and GraphQL APIs.
• Expert knowledge of web application and database design, development, and integration techniques.
• Participation in bug hunting / bug bounty communities is a plus.
• Experience with PCI / GDPR / or CCPA a plus.
• Knowledge and experiences with data protection concepts such as: (a) data obfuscation, anonymization, & de-identification; (b) secrets management; and (c) vault services.
• Experience building application parameterized/prepared-statement query interfaces a plus.

About Plexus

Plexus Worldwide is a leading direct-sales company founded in Scottsdale, Arizona, where it remains a top employer and economic driver. For the past 16 years, Plexus has been focused on igniting hope, health, and happiness through its science-backed nutritional products, skincare, and an exciting home-based entrepreneurial opportunity.

As a 6-time Best Places to Work winner, the company enjoys a solid organizational culture and deeply commits to giving back to communities in need.

Our Core Values

• We are One Plexus.
• We are accountable.
• We get the job done right.
• We empower others.
• 401k program with a company match and immediate vesting.
• Quarterly bonuses based on company profitability.
• Weekly drawings for gift cards and cash.

Thank you for taking the time to apply for an opportunity with our One Plexus team! If you have any issues during the application process, please get in touch with us directly at

We are committed to protecting the privacy and security of your information. Visit our Candidate Privacy Notice for additional information.