Application Security Engineer

Role Overview

• Drive cross-functional projects and establish cutting-edge security development lifecycle practices
• Lead security design reviews and threat modeling for new and existing services at iHerb
• Evaluate, prototype, implement, and operate security-focused tools and services
• Develop new secure architecture standards, frameworks and patterns spanning multiple layers
• Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
• Maintain a strong knowledge of current security threats and operational best practices
• Take part in our security assessment, penetration testing and bug bounty programs
• Participate in security incident response

Requirements

• Demonstrated technical foundation
• Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
• Proficiency implementing SDL process, technology, and automation in a DevOps environment
• Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
• Excellent problem solving, critical thinking, collaboration and communication skills
• Experience driving application security training, security champions and awareness campaigns
• Active contributor to the security community (research, open source, publications…)
• Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

Tech Stack

• Java
• JavaScript
• Microservices
• Node.js
• Open Source
• Python
• .NET

Benefits

• Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs.
• Employees may enroll in our company’s 401(k) plan.
• Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies.
• Employees will enjoy paid holidays throughout the calendar year.
• Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.