Principal Application Security Engineer
$177k - $225kiHerb, LLC
For A Better You At iHerb, we believe that living a healthy and balanced life should be easy and accessible to everyone. As a team member, we’ll empower you to live this promise each day as you make a truly global impact in your career. We constantly strive for innovation, while transforming and improving the online shopping experience for our customers. We believe that individually we are incredible, but when we come together, our growth is infinite. In an industry that is constantly evolving, we are on a mission to make an impact on the global market, and the individual and collaborative efforts of our people are paramount to helping us succeed. Whether you work in one of our logistics centers, technology hubs, corporate offices or even from home, your role at iHerb will take you beyond what’s expected, turning challenge into change. If you're ready for it, we want you to join our team. Get started now. Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands-on Principal Product Security Engineer to lead our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role can be fully remote and must reside in US. In this role, you will help us drive our Product Security strategy working with development teams globally to define new security capabilities, grow the team by hiring the best talent, and partner with senior leaders across the organization to deliver company-wide security initiatives. Responsibilities Include:: Lead cross-functional projects and establish cutting-edge security development lifecycle practices Directed security design reviews and threat modeling for new and existing services at iHerb Evaluate, prototype, implement, and operate security-focused tools and services Create new secure architecture standards, frameworks and patterns spanning multiple layers Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...) Maintain a strong knowledge of current security threats and operational best practices Drive our security assessment, penetration testing and bug bounty programs Participate in security incident response In order to be successful in this role you must have: Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…) Proficiency implementing SDL process, technology, and automation in a DevOps environment Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...) Excellent problem solving, critical thinking, collaboration and communication skills Bonus Qualifications: Experience with Cloudflare security, AWS VPCs, EC2 instances and docker Ability to drive good decisions through data with great attention to detail and deliver KPIs Experience driving application security training, security champions and awareness campaigns Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent #LI-JC1 Compensation: The expected salary range for this role is $177,000.00 - $225,000.00 USD. The actual base pay offered will be determined by factors such as the candidate's relevant experience, education, geographic location, and internal equity. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us! Staffing Agency Submission Notice iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to View email address on click.appcast.io. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization. iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment. At iHerb, we believe that living a healthy and balanced life should be easy and accessible to everyone. As a team member, we’ll empower you to live this promise each day as you make a truly global impact in your career. iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.
$163.63k - $211.75k
...dynamic work environment in one of Chicago's most iconic areas. Role Overview Cboe’s Cybersecurity team is seeking a Principal Application Security Engineer to provide senior technical leadership and end-to-end ownership for embedding pragmatic, scalable security across...PrincipalFull timeWork at office$92.3k - $138.5k
...Job Description Summary L'ingénieur principal des applications est un leader établi au sein de son équipe d'ingénierie respective. Ils guideront... ...********************************** The Lead Application Engineer is an established leader in their respective engineering...PrincipalContract workFor subcontractorRemote workRelocation package- ...professionals for this role. Role Summary This role focuses on engineering and operational support for API integration across multiple analytical and record-keeping solutions in support of Application Security Key Responsibilities Integrate multiple SaaS solutions...SuggestedWork experience placement
- ...professionals for this role. Provides expert level technical support designing, implementing, and maintaining data center networks and security infrastructure. Identifies, resolves, or escalates hardware or software issues. Core Responsibilities Plans and implements...SuggestedWork experience placement
- ...Advanced Technology Search is seeking a Principal OptoElectronics Applications Engineer in Boston. The candidate will engage with optical customers to assist in the integration of laser diodes and photodetectors. Responsibilities include validating lasers and photodetectors...PrincipalRemote work
$110k - $130k
...A leading logistics company in South Carolina is seeking an experienced Application Security Engineer to enhance its security team. The ideal candidate should have extensive experience with application security, strong communication skills, and a solid understanding of...$100k - $150k
...Senior Application Security Engineer HYPERLUME San Jose, CA, USA USD 100k-150k / year Posted on Jun 30, 2026 Credo is seeking a Senior Application Security Engineer to advance our Secure SDLC, mitigate application risks, and partner with software, firmware, and engineering...$110k - $130k
...A logistics services company located in Boston is seeking an experienced Application Security Engineer to enhance security across its applications. The ideal candidate will possess a strong technical background in software development, secure coding, and vulnerability...$184k - $276k
...Senior Staff Engineer – 16949 Location: Sunnyvale, California Base Salary Range: $184,000 – $276,000 Descriptions & Requirements Job... ...customer needs Keeping up with the latest industry specs and applications in hot markets so your advice is always current Traveling occasionally...Principal- ...A leading logistics and transportation services company in Atlanta is looking for a highly motivated Application Security Engineer to bolster their security team. This role involves conducting security assessments, collaborating with development teams, and ensuring security...
$110k - $130k
...Ryder System, Inc. is seeking a motivated Application Security Engineer to join the security team in Salt Lake City, Utah. This position demands a strong technical background in software security and privacy, as the engineer will oversee the secure development lifecycle...$110k - $130k
...A leading logistics company is looking for an Application Security Engineer to join their security team in Raleigh, North Carolina. The ideal candidate will ensure the security of applications and data throughout the software development lifecycle, conducting assessments...$110k - $130k
...Ryder System, Inc. seeks a highly motivated and experienced Application Security Engineer in Springfield, Illinois. This technical role ensures security best practices in software development, managing vulnerabilities, and collaborating with development teams. With a salary...- ...The Sr. Application Security Engineer - Application Security Champion (ASC) Program is responsible for expanding and enabling the Application Security Champions (ASC) Community of Practice (CoP) across decentralized teams. This role focuses on embedding application security...Work at office
- ...Senior Application Security Engineer This role has been designed as ‘Hybrid’ with an expectation that you will work on average 2 days per week from an HPE office. Key Responsibilities Integrate security practices throughout the SDLC in partnership with engineering and...Work at office2 days per week
- ...About the role We're looking for a Senior Application Security Engineer to help keep Tangem's products secure. You'll focus on finding security issues in our web applications, backend services, and APIs before attackers do. You'll work closely with developers, review new...Remote work
- ...providing critical information about the right treatments for the right patients, at the right time. Tempus is seeking a Senior Application Security Engineer with deep expertise in penetration testing to lead efforts in identifying and remediating vulnerabilities across web,...
- ...methodology.This is a great opportunity to work in an international team, apply and learn modern IT technologies Responsibilities Application Security with strong AI/ML security exposureThreat modeling and risk assessment for AI systems, APIs, and cloud-native...
- ...As a Senior Security Engineer on the AppSec Foundations team, you will be instrumental in making secure behavior the default across the the... ...on turning findings into systemic improvements Leverage application telemetry (logs, traces, metrics) to assess security posture...
$160k - $220k
...all–driving incredible value for our customers. Join us! The Security team at Zip is responsible for protecting the confidentiality and integrity of our customers’ data. As our first Application Security Engineer, you will take on a dynamic and high impact role. You will...Home officeFlexible hours- ...within a Vulnerability Management Program that understands Application Security with 5-7 years of security experience. Experience with any... ...Secure code review experience using automated toolsets Software Engineering career experience Following Certifications: CISSP, CEH,...
$5,250 per month
...innovative technology-driven B2B payments organization seeking a curious, inquisitive, highly skilled and motivated Senior Application Security Engineer to join our team. Our company values collaboration, creativity, and excellence in delivering cutting-edge solutions to...16 hoursTemporary workLocal area- ...As a member of the Application Security team, you will help prevent and mitigate vulnerabilities by collaborating with the rest of the organization... ..., Git and similar. Responsibilities Manage the end-to-end engineering and integration of AI/ML-driven security solutions into our...Full timeTemporary workFlexible hours
- ...against complex threats. Our platform protects email, data, applications, and networks with innovative solutions, and a managed XDR... ...disability. Envision yourself at Barracuda As a Senior Application Security Engineer, you’ll help shape the future of our AppSec program. You’ll...WorldwideFlexible hours
$102.94k - $171.57k
...for capturing and refining information security requirements and ensures their integration... ...in the areas of secure coding, application authentication, encryption, and quickly... ...Responsibilities: Develop and implement engineering’s technical security policies and procedures...Work experience placementWorldwide- ...and catch regressions — turning production data into better AI with every release. About the role We're looking for an Application Security Engineer who lives in the code. Braintrust is a real-time, high-availability data platform that runs in both SaaS and self-hosted...Flexible hours
- ...meet their most challenging missions. We're looking for someone like you to help support national security. Whether modernizing legacy computing platforms and applications or creating new ones from scratch, you'll have the latest tech and brightest teammates at your fingertips...Work at office
$120k - $170k
10873 - Application Security Engineer II - Cyber Defense Cyber Defense, Application Security Engineer II Location – Irvine, CA Company Overview Hyundai AutoEver America (HAEA), the dynamic IT powerhouse behind Hyundai Motor Corporation, a Fortune 500 global leader in the...Local area- ...Requirements Have 4+ years in application security or software security engineering Actually write production code — findings reports are the floor, not the ceiling Know auth cold: OAuth 2.0, OIDC, SAML, session management, token lifecycle Are comfortable in AWS and containerized...
- ...The Application Security Engineer (ASE) is responsible for promoting, designing, and evaluating application security in all phases of the application life cycle. The ASE shall ensure that appropriate and effective security techniques and solutions are identified, implemented...Contract work
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to Principal Application Security Engineer. Be the first to apply!
- principal safety engineer United States
- associate director engineering United States
- principal cloud engineer United States
- assistant chief engineer United States
- optical engineer project manager United States
- principal security engineer United States
- director of process engineering United States
- director of product engineering United States
- principal developer United States
- chief building engineer United States



