Application Security Engineer

Job Summary: 

The Application Security Engineer will help with our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role will contribute tremendously to our Product Security team working with development teams globally to define new security capabilities, and partnering with leaders across the organization to deliver company-wide security initiatives. 

Job Expectations:

• Drive cross-functional projects and establish cutting-edge security development lifecycle practices

• Lead security design reviews and threat modeling for new and existing services at iHerb

• Evaluate, prototype, implement, and operate security-focused tools and services

• Develop new secure architecture standards, frameworks and patterns spanning multiple layers

• Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations

• Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)

• Maintain a strong knowledge of current security threats and operational best practices

• Take part in our security assessment, penetration testing and bug bounty programs

• Participate in security incident response

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Knowledge, Skills and Abilities:

Required:

• Demonstrated technical foundation

• Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)

• Proficiency implementing SDL process, technology, and automation in a DevOps environment

• Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption

• Excellent problem solving, critical thinking, collaboration and communication skills

• Experience driving application security training, security champions and awareness campaigns

• Active contributor to the security community (research, open source, publications…) 

Equipment Knowledge:

• Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

Experience Requirements:

Generally requires three (3) plus years of technical security experience at top-tier software companies including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies

Education Requirements: 

Computer Science / Engineering degree or equivalent experience with an ability to translate technical vulnerabilities into organizational risks

Judgment/Reasoning Ability: Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.

Physical Demands:  The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms. Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. The Team Member may occasionally lift or move office products and supplies up to 25 pounds. Proper lifting techniques required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.

Work Environment: The noise in the work environment is usually moderate. Other factors are:

• Hectic, fast-paced with multi-level distractions

• Professional, yet casual work environment

• Office / Warehouse environment

• Ability to work extended hours as required

#LI-JC1 #LI-REMOTE

The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc. iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations. Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year. Eligibility requirements for these benefits will be controlled by applicable plan documents. Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies. For more information on iHerb benefits, visit us at  iHerbBenefits.com .

Anticipated Pay Scale:

$100,000—$140,000 USD

Staffing Agency Submission Notice iHerb does not accept unsolicited 3rd party ('Agency') candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to  View email address on codingjobboard.com . Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization.

About iHerb  iHerb is on a mission to make health and wellness accessible to all. We offer Earth’s best-curated selection of health and wellness products, at the best possible value, delivered with the most convenient experience. We’re the world’s largest eCommerce platform dedicated to vitamins, minerals, and supplements, and other health and wellness products. For more than 25 years, we’ve been making it simple for people all over the world to purchase the highest quality products. From supplements to skincare to grocery items, we ship over 50,000 products, from over 1,800 brands direct to our customers in 180+ countries. Our vision is to become the #1 destination for health and wellness across the world. With a passion for wellness and a mind for innovative solutions, iHerb team members share a vision for a healthier world that drives them each day. Our 5 Shared Values unite our global team:

Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly · Embrace Diversity & Inclusion · Strive for Simplicity

iHerb Benefits  At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well, and plan for their financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. For the comprehensive benefits list, visit  . For our international team members, you may be eligible for benefits depending on the country where you are employed. The Talent Acquisition Partner/local HR representative will go over the benefits you are eligible for. 

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.