Product Security Engineer (Remote)

iHerb

4h•Remote

About The Position

The Product Security Engineer will help with our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role will contribute tremendously to our Product Security team working with development teams globally to define new security capabilities, and partnering with leaders across the organization to deliver company-wide security initiatives. The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

Requirements

Demonstrated technical foundation
Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
Proficiency implementing SDL process, technology, and automation in a DevOps environment
Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
Excellent problem solving, critical thinking, collaboration and communication skills
Experience driving application security training, security champions and awareness campaigns
Active contributor to the security community (research, open source, publications…)
Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
Generally requires three (3) plus years of technical security experience at top-tier software companies including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
Computer Science / Engineering degree or equivalent experience with an ability to translate technical vulnerabilities into organizational risks
Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.

Responsibilities

Drive cross-functional projects and establish cutting-edge security development lifecycle practices
Lead security design reviews and threat modeling for new and existing services at iHerb
Evaluate, prototype, implement, and operate security-focused tools and services
Develop new secure architecture standards, frameworks and patterns spanning multiple layers
Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
Maintain a strong knowledge of current security threats and operational best practices
Take part in our security assessment, penetration testing and bug bounty programs
Participate in security incident response

Benefits

Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan.
Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies.
Employees will enjoy paid holidays throughout the calendar year.
Eligibility requirements for these benefits will be controlled by applicable plan documents.
Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume