Security Engineer (IAM)

About SHEIN 

SHEIN is a global online fashion and lifestyle retailer, offering SHEIN branded apparel and products from a global network of vendors, all at affordable prices. Headquartered in Singapore, with more than 15,000 employees operating from offices around the world, SHEIN is committed to making the beauty of fashion accessible to all, promoting its industry-leading, on-demand production methodology, for a smarter, future-ready industry. 

Position Summary

SHEIN Global Security and Risk Management (GSRM) is a global security organization that oversees security infrastructure, risk management, data privacy, business fraud, governance, and regulatory compliance across SHEIN’s global footprint. It is composed of a team of security professionals, innovators and thought leaders that have had decades of global security experience, led large scale transformations, and served in Fortune 500 executive roles.

We're seeking a Security Engineer – IAM (Official Title: Security Engineer I) for our Los Angeles-based corporate office, who will lead and enhance our Identity and Access Management (IAM) strategy across cloud and enterprise environments. This engineer will play a critical role in designing, implementing, and managing IAM frameworks that balance security, business agility, and compliance needs. This is an opportunity to unify existing IAM technologies or build a scalable IAM solution from the ground up.

The ideal candidate thrives in dynamic environments, adapts quickly to change, and possesses deep expertise in IAM, Zero Trust security models, PKI, authentication protocols, and cloud security. You will collaborate with cross-functional teams to secure identity lifecycles, automate IAM workflows, and strengthen access controls across our global footprint.

Job Responsibilities

• Lead IAM Strategy: Design and implement a unified IAM framework for cloud and enterprise environments (AWS, Azure, Google Cloud).
• IAM System Architecture: Assess, unify, or build IAM solutions, integrating SSO, MFA, risk-based authentication, and federated identity management.
• Access Controls & Governance: Manage user roles, permissions, and lifecycle processes, enforcing least privilege and Zero Trust principles.
• Automation & Integration: Work with DevOps and engineering teams to embed security into CI/CD pipelines and automate IAM processes.
• Incident Response: Investigate and remediate IAM-related security incidents, ensuring rapid response to access breaches and credential compromises.
• Regulatory Compliance: Conduct IAM security audits, align with compliance frameworks (GDPR, CCPA, SOC 2, NIST, ISO 27001), and enforce policy automation.
• Collaboration & Leadership: Provide technical mentorship, cross-functional security expertise, and IAM best practices to teams globally.
• Documentation & Reporting: Maintain security architecture diagrams, configurations, IAM playbooks, and incident response procedures.

Job Requirements

• 3+ years of security experience, including 2+ years of hands-on IAM security expertise is preferred.
• Strong experience in IAM architecture, implementation, and identity federation technologies (SAML, OAuth, OpenID Connect, LDAP).
• Expertise in cloud IAM security (AWS IAM, Azure AD, Google Cloud IAM).
• Experience with PKI, certificate management, authentication, and authorization models.
• Proficiency in automation and scripting (Python, PowerShell, Golang, or Java).
• Hands-on experience integrating IAM with DevOps, CI/CD pipelines, and SaaS platforms.
• Familiarity with IAM governance, role-based access control (RBAC), attribute-based access control (ABAC), and identity lifecycle management.
• Strong knowledge of compliance and risk frameworks (NIST, CIS, SOC 2, GDPR, CCPA).
• Exceptional problem-solving skills, strategic mindset, and ability to manage complex IAM projects.
• Excellent communication and collaboration skills, with experience working across global teams, are preferred.
• Security certifications such as CISSP, CCSP, AWS Security Specialty, Azure Security Engineer are preferred.
• Experience with privileged access management (PAM) solutions and adaptive authentication mechanisms is preferred.

Benefits and Perks 

• Bonus and RSU eligible
• Healthcare (medical, dental, vision, prescription drugs) 
• Health Savings Account with Employer Funding 
• Flexible Spending Accounts (Healthcare and Dependent care) 
• Company-Paid Basic Life/AD&D insurance 
• Company-Paid Short-Term and Long-Term Disability 
• Voluntary Benefit Offerings (Voluntary Life/AD&D, Hospital Indemnity, Critical Illness, and Accident) 
• Employee Assistance Program 
• Business Travel Accident Insurance 
• 401(k) Savings Plan with discretionary company match and access to a financial advisor  
• Vacation, paid holidays, floating holiday and sick days   
• Employee discounts 
• Free weekly catered lunch 
• Dog-friendly office (available at select locations) 
• Free gym access (available at select locations) 
• Free swag giveaways 
• Annual Holiday Party 
• Invitations to pop-ups and other company events 
• Complimentary daily office snacks and beverages

#LI-CR1