Dr. Squatch

Security Engineer (Contract)

On site

Marina del Rey, United States

Junior

Freelance

04-10-2025


Skills

Communication JavaScript TypeScript HTML CSS Shopify GitHub Scripting and Automation Social Media Training Architecture React SDLC Vue.js Snowflake

Job Specifications

Why We Exist and What We Do:

At Dr. Squatch (www.drsquatch.com), we're raising the bar on men's personal care with our line of natural, high-performance products. We're on a high-growth, fast-moving ride, continually introducing new product categories, launching into retailers nationwide, and growing internationally. We have been recognized and certified by Great Place to Work® multiple times, and we achieved status as a certified B Corp in 2023. We are looking for passionate, talented people who want to join us in our mission to inspire and educate men to be happier and healthier!

About the Role:

We're looking for a Security and Privacy Engineer to support the eCommerce team on a contractual basis in securing our Shopify storefronts, maintaining our consent management solution, and standardizing and automating enterprise permissions at scale. This contract is ideal for someone who thrives at applying consistent permission structures to inconsistent SaaS applications to improve and standardize security across the company.

This role will be accountable to the Associate Director, Cybersecurity & Privacy.

Ideally, this contractor should be in the Los Angeles Metropolitan area.

The contractor term is anticipated to be up to 30 hours per week for approximately 12 weeks.

What You'll Do:

Security Responsibilities

You'll be an embedded resource for our eCommerce and Data team and review our Shopify and GitHub environments to identify vulnerabilities and remediate the findings.

You'll identify, classify, and remediate the high-risk findings to improve our website's security posture
You'll deploy Aikido, train the teams on how to use it, and remediate the high-risk findings
You'll encourage secure SDLC processes within the engineering team
You'll be the security SME for the engineering team
You'll help develop and secure our Shopify DTC storefront
Collaborate with stakeholders on the Digital Product team to secure features in our software products

Privacy Responsibilities

You'll partner with our eCommerce and Legal teams to ensure our existing Consent Management solution is harmonized with our Shopify storefronts.

Identity & Access Management Responsibilities

You'll automate our identity and access management processes across cloud environments, SaaS platforms, and our enterprise stack. In-scope applications include Okta, NetSuite, Shopify, Looker, Snowflake, GitHub, and our social media websites.

Platform Reviews

Review the in-scope applications for permissions creep, stale accounts, and violations of our security policies.
Partner with the business teams to understand how to apply least-privilege and Role-Based Access Control on each application.
Adjust permissions accordingly.

Automations

Assess the existing applications, users, and permissions to identify opportunities for automation and standardization.
Automate and standardize the identity and access management processes across the company.
Provide knowledge transfer to internal IT/security teams as needed.

Timeline

Week 1: Dr. Squatch intro and Transcend/Shopify architecture review
Week 2-5: Transcend x Shopify Deep Dive and Alignment
Week 6: Security Scorecard report review and GitHub/Shopify assessment
Week 7: Aikido deployment and training
Week 7-9: Security Scorecard high-risk remediations
Week 10: Review in-scope applications to identify and design automation opportunities
Week 10-12: Implement automation strategies to better standardize and manage user permissions across all in-scope systems

The extension will be mutually agreed upon and confirmed in two-week increments. The confirmation extension should be completed no later than two weeks before the anticipated end date. We estimate that this project should take 20-30 hours per week.

Deliverables

Security Scorecard before and after report demonstrating risk reduction
Aikido/GitHub before and after report demonstrating risk reduction
Shopify Consent Management documentation
Automated provisioning/deprovisioning scripts or documentation
Knowledge transfer sessions and training materials

Ideal Contractor Skills & Experience

DTC experience, specifically in securing Shopify-centric environments
3 years of software engineering experience with web languages: JavaScript, TypeScript, React or Vue.js, HTML, CSS, CSS preprocessors (e.g., SASS, postscript).
Experience in a Consent Management platform or Shopify Privacy API
Deep experience with IAM tools, preferably Okta
Scripting and automation skills
Excellent communication and documentation skills

Who We Are:

Our core values come naturally and make us a better, more whole, and unique team. We are Bold & Innovative - we are creative, rethink how things are done, and find a way. We Play to Win - we have high standards, we encourage ownership of work, we are scrappy, we act with urgency, and we invest in the outcome of our work. We are Team Squatch - we are humble, help others outside our own wheelhouse, stay positive, h

About the Company

Dr. Squatch is raising the bar on personal care with our handmade bar soaps and high-quality natural products. We're hiring - join our team in Southern California! See the video with over 100 Million Views! http://drsquatch.com