Principal Security Engineer
Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands-on Principal Product Security Engineer to lead our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role can be fully remote and must reside in US.
In this role, you will help us drive our Product Security strategy working with development teams globally to define new security capabilities, grow the team by hiring the best talent, and partner with senior leaders across the organization to deliver company-wide security initiatives.
Responsibilities Include::
Lead cross-functional projects and establish cutting-edge security development lifecycle practices
Directed security design reviews and threat modeling for new and existing services at iHerb
Evaluate, prototype, implement, and operate security-focused tools and services
Create new secure architecture standards, frameworks and patterns spanning multiple layers
Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
Maintain a strong knowledge of current security threats and operational best practices
Drive our security assessment, penetration testing and bug bounty programs
Participate in security incident response
In order to be successful in this role you must have:
Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks
8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
Proficiency implementing SDL process, technology, and automation in a DevOps environment
Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
Excellent problem solving, critical thinking, collaboration and communication skills
Bonus Qualifications:
Experience with Cloudflare security, AWS VPCs, EC2 instances and docker
Ability to drive good decisions through data with great attention to detail and deliver KPIs
Experience driving application security training, security champions and awareness campaigns
Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent
#LI-JC1
The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc. iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations. Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year. Eligibility requirements for these benefits will be controlled by applicable plan documents. Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies. For more information on iHerb benefits, visit us at iHerbBenefits.com.
Anticipated Pay Scale:
$176,534—$264,801 USD
About the job
Apply for this position
Principal Security Engineer
Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands-on Principal Product Security Engineer to lead our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role can be fully remote and must reside in US.
In this role, you will help us drive our Product Security strategy working with development teams globally to define new security capabilities, grow the team by hiring the best talent, and partner with senior leaders across the organization to deliver company-wide security initiatives.
Responsibilities Include::
Lead cross-functional projects and establish cutting-edge security development lifecycle practices
Directed security design reviews and threat modeling for new and existing services at iHerb
Evaluate, prototype, implement, and operate security-focused tools and services
Create new secure architecture standards, frameworks and patterns spanning multiple layers
Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
Maintain a strong knowledge of current security threats and operational best practices
Drive our security assessment, penetration testing and bug bounty programs
Participate in security incident response
In order to be successful in this role you must have:
Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks
8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
Proficiency implementing SDL process, technology, and automation in a DevOps environment
Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
Excellent problem solving, critical thinking, collaboration and communication skills
Bonus Qualifications:
Experience with Cloudflare security, AWS VPCs, EC2 instances and docker
Ability to drive good decisions through data with great attention to detail and deliver KPIs
Experience driving application security training, security champions and awareness campaigns
Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent
#LI-JC1
The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc. iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations. Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year. Eligibility requirements for these benefits will be controlled by applicable plan documents. Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies. For more information on iHerb benefits, visit us at iHerbBenefits.com.
Anticipated Pay Scale:
$176,534—$264,801 USD