Principal Application Security Engineer
Upload My Resume
Drop here or click to browse · PDF, DOCX, DOC, RTF, TXT
Requirements
• Experience with Cloudflare security, AWS VPCs, EC2 instances and docker • Ability to drive good decisions through data with great attention to detail and deliver KPIs • Experience driving application security training, security champions and awareness campaigns • Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent • Hired applicant may be awarded Restrict Stock Units and receive annual bonuses pursuant to eligibility and performance criteria defined in the respective plan documents and policies. • Anticipated Pay Scale: • $176,534 - $264,801 USD • Staffing Agency Submission Notice iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to [email protected]. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization. • Staffing Agency Submission Notice • Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly · Embrace Diversity & Inclusion · Strive for Simplicity • Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly · • Embrace Diversity & Inclusion · Strive for Simplicity • iHerb BenefitsAt iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well, and plan for their financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. For the comprehensive benefits list, visit www.iHerbBenefits.com. For our international team members, you may be eligible for benefits depending on the country where you are employed. The Talent Acquisition Partner/local HR representative will go over the benefits you are eligible for.
Responsibilities
• Lead cross-functional projects and establish cutting-edge security development lifecycle practices • Directed security design reviews and threat modeling for new and existing services at iHerb • Evaluate, prototype, implement, and operate security-focused tools and services • Create new secure architecture standards, frameworks and patterns spanning multiple layers • Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations • Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...) • Maintain a strong knowledge of current security threats and operational best practices • Drive our security assessment, penetration testing and bug bounty programs • Participate in security incident response • In order to be successful in this role you must have: • Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks • 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies • Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…) • Proficiency implementing SDL process, technology, and automation in a DevOps environment • Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption • Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...) • Excellent problem solving, critical thinking, collaboration and communication skills
Similar Jobs
No credit card. Takes 10 seconds.