← Back to jobs
Iherb
Iherb

Application Security Engineer

engineeringfull-timeUnited States of America - Remote / Home Office
SALARY
Not listed
WORK TYPE
remote
JOB TYPE
full-time
INDUSTRY
general
Apply for this position
✦ AutoApply Let us apply to roles like this on your behalf.
Learn more

About the role

Job Summary

The Application Security Engineer will help with our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role will contribute tremendously to our Product Security team working with development teams globally to define new security capabilities, and partnering with leaders across the organization to deliver company-wide security initiatives.

Job Expectations

  • Drive cross-functional projects and establish cutting-edge security development lifecycle practices
  • Lead security design reviews and threat modeling for new and existing services at iHerb
  • Evaluate, prototype, implement, and operate security-focused tools and services
  • Develop new secure architecture standards, frameworks and patterns spanning multiple layers
  • Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
  • Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
  • Maintain a strong knowledge of current security threats and operational best practices
  • Take part in our security assessment, penetration testing and bug bounty programs
  • Participate in security incident response

Knowledge, Skills and Abilities

Required:

  • Demonstrated technical foundation
  • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
  • Proficiency implementing SDL process, technology, and automation in a DevOps environment
  • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
  • Excellent problem solving, critical thinking, collaboration and communication skills
  • Experience driving application security training, security champions and awareness campaigns
  • Active contributor to the security community (research, open source, publications…)

Equipment Knowledge:

  • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

Experience Requirements:

Generally requires three (3) plus years of technical security experience at top-tier software companies including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies

Education Requirements:

Computer Science / Engineering degree or equivalent experience with an ability to translate technical vulnerabilities into organizational risks

✦ Let us apply for you
We find roles like this and apply on your behalf. Cover letter written for each one. Plans from $14.99/mo. Cancel anytime.
Join waitlist
Apply now