All roles

Open role

[Remote] Principal Application Security Engineer

Remote · Indonesia Full-time

Note: The job is a remote job and is open to candidates in USA. iHerb is on a mission to make health and wellness accessible to all. They are seeking a Principal Application Security Engineer to lead their Secure Development Lifecycle assurance processes and drive security initiatives across their global eCommerce services.

Responsibilities

  • Lead cross-functional projects and establish cutting-edge security development lifecycle practices
  • Directed security design reviews and threat modeling for new and existing services at iHerb
  • Evaluate, prototype, implement, and operate security-focused tools and services
  • Create new secure architecture standards, frameworks and patterns spanning multiple layers
  • Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
  • Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
  • Maintain a strong knowledge of current security threats and operational best practices
  • Drive our security assessment, penetration testing and bug bounty programs
  • Participate in security incident response

Skills

  • Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks
  • 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
  • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
  • Proficiency implementing SDL process, technology, and automation in a DevOps environment
  • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
  • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
  • Excellent problem solving, critical thinking, collaboration and communication skills
  • Experience with Cloudflare security, AWS VPCs, EC2 instances and docker
  • Ability to drive good decisions through data with great attention to detail and deliver KPIs
  • Experience driving application security training, security champions and awareness campaigns
  • Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent

Benefits

  • Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan.
  • Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies.
  • Employees will enjoy paid holidays throughout the calendar year.
  • Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.
  • For more information on iHerb benefits, visit us at [iHerbBenefits.com](https://www.iherbbenefits.com/).
  • Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan.
  • Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies.
  • Employees will enjoy paid holidays throughout the calendar year.

Company Overview

  • iHerb is on a mission to make health and wellness accessible to all. It was founded in 1996, and is headquartered in Irvine, California, USA, with a workforce of 1001-5000 employees. Its website is http://www.iherb.com.
  • More open positions

    [Remote] Business Development Representative

    Work from home Full-time role

    [Remote] Consultant/Senior Consultant - Market Access Reimbursement, Contracting & Analytics

    Work from home Full-time role

    [Remote] Director, Data Center Passive Materials NPI

    Work from home Full-time role

    [Remote] Site Reliability Engineer

    Work from home Full-time role

    [Remote] Customer Success Manager

    Work from home Full-time role

    Director, Sales (State & Local)

    Work from home Full-time role

    Experienced Data Entry Specialist – Content Metadata Management for careerzynith's Global Streaming Platform

    Work from home Full-time role

    Remote Customer Support Representative - careerzynith

    Work from home Full-time role

    Remote Dental Billing Specialist (Greenfield Program)

    Work from home Full-time role

    [Remote] Inside Sales Representative, Service

    Work from home Full-time role

    D365 - Architect

    Work from home Full-time role

    Contact Center Specialist

    Work from home Full-time role

    [Remote] Full Stack Software Engineer

    Work from home Full-time role

    Virtual Event Planner - Remote Job

    Work from home Full-time role

    [Remote] GCP Data Engineer

    Work from home Full-time role

    Fully Remote NY/NJ/CT only- Care Coordinator –Chinese/Cantonese/Fuzhounese-Speaking

    Work from home Full-time role

    Voice Talent - Uk English

    Work from home Full-time role

    Experienced Remote Healthcare Customer Service Representative – Patient Support & Inquiry Resolution Specialist

    Work from home Full-time role

    Agent, Inbound Sales - Pet

    Work from home Full-time role

    Senior Customer Success Manager – Enterprise SaaS & Master Data Management Solutions (Remote US / Hybrid Atlanta, GA)

    Work from home Full-time role

    QA Lead - Release and Automation

    Work from home Full-time role