Please, let iHerb know you found this job on RemoteYeah. This helps us grow 🌱.
Description:
The Product Security Engineer will assist with Secure Development Lifecycle assurance processes and security automation technologies.
This role will drive the security hardening strategy across the product and respond to current and emerging security threats.
The engineer will contribute significantly to the Product Security team by collaborating with development teams globally to define new security capabilities.
The position involves partnering with leaders across the organization to deliver company-wide security initiatives.
Responsibilities include driving cross-functional projects and establishing cutting-edge security development lifecycle practices.
The engineer will lead security design reviews and threat modeling for new and existing services at iHerb.
They will evaluate, prototype, implement, and operate security-focused tools and services.
The role requires developing new secure architecture standards, frameworks, and patterns spanning multiple layers.
The engineer must understand and analyze emerging security threats, determining their applicability to iHerb and proactively implementing centralized mitigations.
Participation in security assessments, penetration testing, and bug bounty programs is expected.
The engineer will also take part in security incident response.
Requirements:
A demonstrated technical foundation is required for this position.
Candidates must have a solid understanding of common application and infrastructure security vulnerabilities and mitigations, such as the OWASP Top 10 and CWE Top 25.
Proficiency in implementing SDL processes, technology, and automation in a DevOps environment is necessary.
Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection, and encryption, is required.
Excellent problem-solving, critical thinking, collaboration, and communication skills are essential.
Experience in driving application security training, security champions, and awareness campaigns is needed.
Active contribution to the security community through research, open source, or publications is required.
Knowledge of major programming languages and frameworks, such as Python, C# .NET, JavaScript, Node.js, and Java, is necessary.
Generally, three or more years of technical security experience at top-tier software companies is required, including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies.
A Computer Science or Engineering degree or equivalent experience is required, with the ability to translate technical vulnerabilities into organizational risks.
The candidate must possess sound judgment and reasoning skills to identify, troubleshoot, and resolve problems quickly.
Benefits:
Employees and their families that meet eligibility criteria can participate in medical, dental, vision, and basic life insurance programs.
Employees may enroll in the company’s 401(k) plan.
Time Off and Paid Sick Leave are available according to the company’s policies.
Paid holidays are provided throughout the calendar year.
Hired applicants may be awarded Restricted Stock Units and receive annual bonuses based on eligibility and performance criteria.
For more information on benefits, employees can visit iHerbBenefits.com.