iHerb, LLCRemote
Principal Application Security Engineer
United States
Full Time
11 hours ago
$177,000 - $225,000 USD
No Visa Sponsorship
Key skills
CloudJavaJavaScriptMicroservicesNode.jsPython.NETC#CLeadershipCommunicationCritical ThinkingProblem SolvingCollaborationOWASPPenetration Testing
About this role
Role Overview
- Lead cross-functional projects and establish cutting-edge security development lifecycle practices
- Directed security design reviews and threat modeling for new and existing services at iHerb
- Evaluate, prototype, implement, and operate security-focused tools and services
- Create new secure architecture standards, frameworks and patterns spanning multiple layers
- Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
- Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
- Maintain a strong knowledge of current security threats and operational best practices
- Drive our security assessment, penetration testing and bug bounty programs
- Participate in security incident response
Requirements
- Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks
- 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
- Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
- Proficiency implementing SDL process, technology, and automation in a DevOps environment
- Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
- Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
- Excellent problem solving, critical thinking, collaboration and communication skills
Tech Stack
- Cloud
- Java
- JavaScript
- Microservices
- Node.js
- Python
- .NET
Benefits
- Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs
- Employees may enroll in our company’s 401(k) plan
- Employees will be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies
- Employees will enjoy paid holidays throughout the calendar year
- Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies