We are looking for a hands-on Principal Application Security Engineer to lead our Secure Development Lifecycle assurance processes and security automation technologies, drive the security hardening strategy across our product, and respond to current and emerging security threats.
Requirements
- Lead cross-functional, enterprise-wide projects and define the strategic direction for cutting-edge security development lifecycle (SDL) practices
- Conduct security design reviews and sophisticated threat modeling for new and existing mission-critical services across the entire platform
- Establish secure architecture standards, frameworks, and resilient security patterns spanning application, cloud-native, and infrastructure layers
- Evaluate, prototype, implement, operate, and provide governance over core security tools and services (DAST, SAST, SCA, WAF, Secrets Management, etc.)
- Discover and analyze emerging security threats, determining applicability to iHerb, and proactively implement centralized mitigations
- Maintain a strong knowledge of current security threats and operational best practices
- Drive our security assessment, penetration testing, and bug bounty programs, translating findings into comprehensive, systemic risk reduction strategies
- Ensure all application security practices adhere to the Payment Card Industry Data Security Standard (PCI DSS) requirements
- Participate in security incident response activities as a technical leader
Benefits
- Medical, dental, vision, and basic life insurance programs
- 401(k) plan
- Time Off and Paid Sick Leave
- Paid holidays
- Restricted Stock Units
- Annual bonuses
