Back to Jobs
United States of America - Remote / Home Office Remote (Country) Employment $177,000 - $225,000 USD

iHerb is hiring a Principal Application Security Engineer

Responsibilities

  • Lead cross-functional projects and establish cutting-edge security development lifecycle practices
  • Directed security design reviews and threat modeling for new and existing services at iHerb
  • Evaluate, prototype, implement, and operate security-focused tools and services
  • Create new secure architecture standards, frameworks and patterns spanning multiple layers
  • Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
  • Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
  • Maintain a strong knowledge of current security threats and operational best practices
  • Drive our security assessment, penetration testing and bug bounty programs
  • Participate in security incident response

Requirements

  • Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks
  • 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
  • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
  • Proficiency implementing SDL process, technology, and automation in a DevOps environment
  • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
  • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
  • Excellent problem solving, critical thinking, collaboration and communication skills

Nice to Have

  • Experience with Cloudflare security, AWS VPCs, EC2 instances and docker
  • Ability to drive good decisions through data with great attention to detail and deliver KPIs
  • Experience driving application security training, security champions and awareness campaigns
  • Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent

Additional Information

  • This role can be fully remote and must reside in US.
Required Skills
CryptographyDocker
About company
iHerb
iHerb is on a mission to make health and wellness accessible to all. We offer Earth’s best-curated selection of health and wellness products, at the best possible value, delivered with the most convenient experience. We’re the world’s largest eCommerce platform dedicated to vitamins, minerals, and supplements, and other health and wellness products. For more than 25 years, we’ve been making it simple for people all over the world to purchase the highest quality products. From supplements to skincare to grocery items, we ship over 50,000 products, from over 1,800 brands direct to our customers in 180+ countries. Our vision is to become the #1 destination for health and wellness across the world. With a passion for wellness and a mind for innovative solutions, iHerb team members share a vision for a healthier world that drives them each day. Our 5 Shared Values unite our global team: Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly · Embrace Diversity & Inclusion · Strive for Simplicity
All jobs at iHerb Visit website
Job Details
Category security
Posted 17 days ago