Product Security Manager
About iHerb
iHerb is a global leader in health and wellness e-commerce, offering a vast selection of vitamins, supplements, and natural products. Our mission is to make health and wellness accessible to everyone. We are a passionate, fast-growing team of innovators and builders committed to providing a secure and seamless shopping experience for our millions of customers worldwide.
About the Role
We are seeking a highly skilled and experienced Product Security Manager to lead our security initiatives. In this crucial role, you will be responsible for defining, implementing, and maintaining security standards and practices across our product development lifecycle. You will work closely with engineering, product management, and other cross-functional teams to ensure our products and applications are designed and built with security as a top priority.
What you'll do
Develop and implement a comprehensive product security strategy, including policies, standards, roadmap, and guidelines.
Lead 'shift left' security initiatives, embedding security directly into the software development lifecycle with a focus on automation and scalability.
Oversee proactive product security testing activities, including code review, code vulnerability scanning, and penetration testing.
Ensure your team has the right processes to assist with threat modeling, secure design reviews, risk acceptance, and security code reviews.
Operate our vulnerability management and bug bounty/vulnerability disclosure programs to proactively identify and address security flaws.
Manage product security incidents and coordinate response efforts when product security vulnerabilities are identified.
Provide developer security training and awareness programs to product and engineering teams.
Encourage the automation of security-specific tasks and build tools that empower iHerb teams to self-serve their security needs.
Build strong partnerships and collaborate with product and engineering managers to champion security best practices across the organization.
Stay up-to-date with the latest security trends, technologies, and threats to ensure our products remain secure.
Manage and grow a team of application and product security engineers, guiding them to deliver high-impact projects that enhance our security posture.
Develop and maintain a set of high quality metrics that measure the effectiveness of the product security program at iHerb and regularly report to leadership.
Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field.
Minimum of 8 years of experience in product security, application security, or a similar role.
3+ years of engineering management experience.
Strong understanding of secure software development principles and common security vulnerabilities (e.g., OWASP Top 10).
Experience with standardized frameworks for maturing software security (OWASP SAMM, BSIMM)
Experience with security testing tools and methodologies, i.e. SAST, DAST, SCA, and secret scanning.
Experienced in securing complex cloud environments (Kubernetes, Docker, AWS/GCP).
Excellent communication, leadership, and interpersonal skills with a bias for action.
Ability to work effectively in a fast-paced, dynamic environment and move forward with incomplete or lacking information.
Passion for building diverse, high-performing teams and growing engineers in a hybrid and remote setting.
Ability to identify, evaluate potential vendor products and negotiate.
Preferred Qualifications
Master's degree or relevant security certifications (e.g., CISSP, CSSLP).
Experience with security automation and DevSecOps practices.
Security community contributions, talks/presentations, CVEs, etc.
#LI-JC1
The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc. iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations. Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year. Eligibility requirements for these benefits will be controlled by applicable plan documents. Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies. For more information on iHerb benefits, visit us at iHerbBenefits.com.
Anticipated Pay Scale:
$162,190—$221,169 USD
About the job
Apply for this position
Product Security Manager
About iHerb
iHerb is a global leader in health and wellness e-commerce, offering a vast selection of vitamins, supplements, and natural products. Our mission is to make health and wellness accessible to everyone. We are a passionate, fast-growing team of innovators and builders committed to providing a secure and seamless shopping experience for our millions of customers worldwide.
About the Role
We are seeking a highly skilled and experienced Product Security Manager to lead our security initiatives. In this crucial role, you will be responsible for defining, implementing, and maintaining security standards and practices across our product development lifecycle. You will work closely with engineering, product management, and other cross-functional teams to ensure our products and applications are designed and built with security as a top priority.
What you'll do
Develop and implement a comprehensive product security strategy, including policies, standards, roadmap, and guidelines.
Lead 'shift left' security initiatives, embedding security directly into the software development lifecycle with a focus on automation and scalability.
Oversee proactive product security testing activities, including code review, code vulnerability scanning, and penetration testing.
Ensure your team has the right processes to assist with threat modeling, secure design reviews, risk acceptance, and security code reviews.
Operate our vulnerability management and bug bounty/vulnerability disclosure programs to proactively identify and address security flaws.
Manage product security incidents and coordinate response efforts when product security vulnerabilities are identified.
Provide developer security training and awareness programs to product and engineering teams.
Encourage the automation of security-specific tasks and build tools that empower iHerb teams to self-serve their security needs.
Build strong partnerships and collaborate with product and engineering managers to champion security best practices across the organization.
Stay up-to-date with the latest security trends, technologies, and threats to ensure our products remain secure.
Manage and grow a team of application and product security engineers, guiding them to deliver high-impact projects that enhance our security posture.
Develop and maintain a set of high quality metrics that measure the effectiveness of the product security program at iHerb and regularly report to leadership.
Qualifications
Bachelor's degree in Computer Science, Information Security, or a related field.
Minimum of 8 years of experience in product security, application security, or a similar role.
3+ years of engineering management experience.
Strong understanding of secure software development principles and common security vulnerabilities (e.g., OWASP Top 10).
Experience with standardized frameworks for maturing software security (OWASP SAMM, BSIMM)
Experience with security testing tools and methodologies, i.e. SAST, DAST, SCA, and secret scanning.
Experienced in securing complex cloud environments (Kubernetes, Docker, AWS/GCP).
Excellent communication, leadership, and interpersonal skills with a bias for action.
Ability to work effectively in a fast-paced, dynamic environment and move forward with incomplete or lacking information.
Passion for building diverse, high-performing teams and growing engineers in a hybrid and remote setting.
Ability to identify, evaluate potential vendor products and negotiate.
Preferred Qualifications
Master's degree or relevant security certifications (e.g., CISSP, CSSLP).
Experience with security automation and DevSecOps practices.
Security community contributions, talks/presentations, CVEs, etc.
#LI-JC1
The anticipated pay scale for this position can be found below, however the pay range applicable to you may vary by geographic location based on where the job is located or where you work. The final pay offered to a successful candidate will be dependent on several factors that may include but are not limited to the type and years of experience within the job, the type of years and experience within the industry, education, etc. iHerb, LLC is a multi-state employer and this pay scale may not reflect positions that work in other states or locations. Employees (and their families) that meet eligibility criteria as outlined in applicable plan documents are eligible to participate in our medical, dental, vision, and basic life insurance programs and may enroll in our company’s 401(k) plan. Employees will also be eligible for Time Off and Paid Sick Leave pursuant to the company’s policies. Employees will enjoy paid holidays throughout the calendar year. Eligibility requirements for these benefits will be controlled by applicable plan documents. Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies. For more information on iHerb benefits, visit us at iHerbBenefits.com.
Anticipated Pay Scale:
$162,190—$221,169 USD