iHerb Logo

iHerb

Principal Application Security Engineer

Reposted 9 Days Ago
Remote
Hiring Remotely in United States
177K-225K Annually
Senior level
Remote
Hiring Remotely in United States
177K-225K Annually
Senior level
Lead security initiatives by establishing secure development practices, conducting security reviews, as well as managing threat modeling and security assessments.
The summary above was generated by AI

Summary:

Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands-on Principal Product Security Engineer to lead our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role can be fully remote and must reside in US.

In this role, you will help us drive our Product Security strategy working with development teams globally to define new security capabilities, grow the team by hiring the best talent, and partner with senior leaders across the organization to deliver company-wide security initiatives. 

Responsibilities Include::

  • Lead cross-functional projects and establish cutting-edge security development lifecycle practices

  • Directed security design reviews and threat modeling for new and existing services at iHerb

  • Evaluate, prototype, implement, and operate security-focused tools and services

  • Create new secure architecture standards, frameworks and patterns spanning multiple layers

  • Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations

  • Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)

  • Maintain a strong knowledge of current security threats and operational best practices

  • Drive our security assessment, penetration testing and bug bounty programs

  • Participate in security incident response

In order to be successful in this role you must have: 

  • Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks

  • 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies

  • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)

  • Proficiency implementing SDL process, technology, and automation in a DevOps environment

  • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption

  • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)

  • Excellent problem solving, critical thinking, collaboration and communication skills

Bonus Qualifications:

  • Experience with Cloudflare security, AWS VPCs, EC2 instances and docker

  • Ability to drive good decisions through data with great attention to detail and deliver KPIs 

  • Experience driving application security training, security champions and awareness campaigns

  • Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent

#LI-JC1

The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work.  The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc.  iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations.
Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year.  Eligibility requirements for these benefits will be controlled by applicable plan documents.
Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies.
 
For more information on iHerb benefits, visit us at iHerbBenefits.com.
Anticipated Pay Scale:
$177,000$225,000 USD

Staffing Agency Submission Notice
iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to [email protected]. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization.

About iHerb
iHerb is on a mission to make health and wellness accessible to all. We offer Earth’s best-curated selection of health and wellness products, at the best possible value, delivered with the most convenient experience.
We’re the world’s largest eCommerce platform dedicated to vitamins, minerals, and supplements, and other health and wellness products. For more than 25 years, we’ve been making it simple for people all over the world to purchase the highest quality products. From supplements to skincare to grocery items, we ship over 50,000 products, from over 1,800 brands direct to our customers in 180+ countries.
Our vision is to become the #1 destination for health and wellness across the world.
With a passion for wellness and a mind for innovative solutions, iHerb team members share a vision for a healthier world that drives them each day. Our 5 Shared Values unite our global team:

Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly ·
Embrace Diversity & Inclusion · Strive for Simplicity

iHerb Benefits
At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well, and plan for their financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. For the comprehensive benefits list, visit www.iHerbBenefits.com. For our international team members, you may be eligible for benefits depending on the country where you are employed. The Talent Acquisition Partner/local HR representative will go over the benefits you are eligible for. 

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Similar Jobs

8 Minutes Ago
Easy Apply
Remote
United States
Easy Apply
225K-282K Annually
Senior level
225K-282K Annually
Senior level
Artificial Intelligence • Enterprise Web • Information Technology • Productivity • Sales • Software • Database
Lead and grow a remote Security Detection & Response team, build detection engineering and observability systems, drive telemetry onboarding, Panther and MITRE-aligned detections, Python automation, CI/CD workflows, and AI-assisted triage. Own incident response, investigations, cross-functional collaboration, and measurement of detection effectiveness.
Top Skills: AIAtlassianCi/CdCloudflareCrowdstrikeGCPGitGitGoogle WorkspaceKandjiMitre Att&CkOktaPantherPythonSIEMSlackSnowflake
16 Minutes Ago
Remote or Hybrid
United States
Expert/Leader
Expert/Leader
Fintech • Legal Tech • Software • Financial Services • Cybersecurity • Data Privacy
Lead and manage the ServiceNow CMDB and ITOM programs to ensure a single source of truth for assets and services. Oversee CMDB design, data quality, CSDM alignment, Discovery and Service Mapping, ITOM roadmap, reporting, governance, and stakeholder engagement. Manage cross-functional teams, enforce code standards, and drive continuous improvement to meet business and operational needs.
Top Skills: CmdbCsdmDiscoveryEvent ManagementItilItsmOperational IntelligenceOrchestrationService MappingServicenowServicenow AutomationServicenow IntegrationsServicenow ItomServicenow WorkflowsSpm
17 Minutes Ago
Easy Apply
Remote
United States of America
Easy Apply
66K-110K Annually
Junior
66K-110K Annually
Junior
Information Technology • Cybersecurity
Manage post-sale account relationships with channel partners and customers to drive ARR growth via cross-sell, expansion, and high renewal rates. Serve as trusted advisor, maintain partner satisfaction, execute engagement processes, and meet quota metrics for expansion and retention.
Top Skills: Salesforce

What you need to know about the San Francisco Tech Scene

San Francisco and the surrounding Bay Area attracts more startup funding than any other region in the world. Home to Stanford University and UC Berkeley, leading VC firms and several of the world’s most valuable companies, the Bay Area is the place to go for anyone looking to make it big in the tech industry. That said, San Francisco has a lot to offer beyond technology thanks to a thriving art and music scene, excellent food and a short drive to several of the country’s most beautiful recreational areas.

Key Facts About San Francisco Tech

  • Number of Tech Workers: 365,500; 13.9% of overall workforce (2024 CompTIA survey)
  • Major Tech Employers: Google, Apple, Salesforce, Meta
  • Key Industries: Artificial intelligence, cloud computing, fintech, consumer technology, software
  • Funding Landscape: $50.5 billion in venture capital funding in 2024 (Pitchbook)
  • Notable Investors: Sequoia Capital, Andreessen Horowitz, Bessemer Venture Partners, Greylock Partners, Khosla Ventures, Kleiner Perkins
  • Research Centers and Universities: Stanford University; University of California, Berkeley; University of San Francisco; Santa Clara University; Ames Research Center; Center for AI Safety; California Institute for Regenerative Medicine

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account