Application Security Engineer

🕒 April 1

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

iHerb, LLC

WebsiteLinkedInAll Job Openings

1001 - 5000 employees

Founded 1996

🛍️ eCommerce

🧘 Wellness

🛒 Retail

eCommerce • Wellness • Retail

iHerb, LLC is an e-commerce platform that specializes in health and wellness products. The company offers a wide range of products including vitamins, supplements, herbs, sports nutrition, beauty products, grocery items, and more. iHerb is committed to providing high-quality products sourced directly from manufacturers or authorized distributors. The platform is known for its competitive pricing, extensive product reviews, prompt delivery services, and a strong emphasis on customer satisfaction. iHerb serves an international customer base, offering shipping to numerous countries worldwide.

📋 Description

• Drive cross-functional projects and establish cutting-edge security development lifecycle practices • Lead security design reviews and threat modeling for new and existing services at iHerb • Evaluate, prototype, implement, and operate security-focused tools and services • Develop new secure architecture standards, frameworks and patterns spanning multiple layers • Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations • Maintain a strong knowledge of current security threats and operational best practices • Take part in our security assessment, penetration testing and bug bounty programs • Participate in security incident response

🎯 Requirements

• Demonstrated technical foundation • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…) • Proficiency implementing SDL process, technology, and automation in a DevOps environment • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption • Excellent problem solving, critical thinking, collaboration and communication skills • Experience driving application security training, security champions and awareness campaigns • Active contributor to the security community (research, open source, publications…) • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

🏖️ Benefits

• Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs. • Employees may enroll in our company’s 401(k) plan. • Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. • Employees will enjoy paid holidays throughout the calendar year. • Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.