Product Security Engineer

Summary

Join iHerb's Product Security team as a Product Security Engineer and contribute to our Secure Development Lifecycle assurance processes, security automation technologies, and security hardening strategy. You will work with development teams globally to define new security capabilities and partner with organizational leaders on company-wide security initiatives. This role involves driving cross-functional projects, leading security design reviews, implementing security tools, developing secure architecture standards, and analyzing emerging security threats. The ideal candidate possesses a strong technical foundation, experience with application and infrastructure security, and proficiency in implementing SDL processes in a DevOps environment. iHerb offers a competitive salary and benefits package, including health insurance, retirement benefits, paid time off, and more.

Requirements

• Demonstrated technical foundation
• Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
• Proficiency implementing SDL process, technology, and automation in a DevOps environment
• Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
• Excellent problem solving, critical thinking, collaboration and communication skills
• Experience driving application security training, security champions and awareness campaigns
• Active contributor to the security community (research, open source, publications…)
• Knowledge of major programming languages and frameworks (e.g. Python, C#, .NET, JavaScript, node.js, Java…)
• Generally requires three (3) plus years of technical security experience at top-tier software companies including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
• Computer Science / Engineering degree or equivalent experience with an ability to translate technical vulnerabilities into organizational risks
• Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner

Responsibilities

• Drive cross-functional projects and establish cutting-edge security development lifecycle practices
• Lead security design reviews and threat modeling for new and existing services at iHerb
• Evaluate, prototype, implement, and operate security-focused tools and services
• Develop new secure architecture standards, frameworks and patterns spanning multiple layers
• Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
• Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
• Maintain a strong knowledge of current security threats and operational best practices
• Take part in our security assessment, penetration testing and bug bounty programs
• Participate in security incident response

Benefits

• Medical, dental, vision, and basic life insurance programs
• Company’s 401(k) plan
• Time Off and Paid Sick Leave
• Paid holidays
• Restrict Stock Units
• Annual bonuses