You haven't searched anything yet.
Job Summary:
The Product Security Engineer will help with our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role will contribute tremendously to our Product Security team working with development teams globally to define new security capabilities, and partnering with leaders across the organization to deliver company-wide security initiatives.
Job Expectations:
Drive cross-functional projects and establish cutting-edge security development lifecycle practices
Lead security design reviews and threat modeling for new and existing services at iHerb
Evaluate, prototype, implement, and operate security-focused tools and services
Develop new secure architecture standards, frameworks and patterns spanning multiple layers
Understand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations
Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)
Maintain a strong knowledge of current security threats and operational best practices
Take part in our security assessment, penetration testing and bug bounty programs
Participate in security incident response
The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.
Knowledge, Skills and Abilities:
Required:
Demonstrated technical foundation
Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
Proficiency implementing SDL process, technology, and automation in a DevOps environment
Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
Excellent problem solving, critical thinking, collaboration and communication skills
Experience driving application security training, security champions and awareness campaigns
Active contributor to the security community (research, open source, publications…)
Equipment Knowledge:
Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
Experience Requirements:
Generally requires three (3) plus years of technical security experience at top-tier software companies including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies
Education Requirements:
Computer Science / Engineering degree or equivalent experience with an ability to translate technical vulnerabilities into organizational risks
Judgment/Reasoning Ability: Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.
Physical Demands: The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms. Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. The Team Member may occasionally lift or move office products and supplies up to 25 pounds. Proper lifting techniques required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Work Environment: The noise in the work environment is usually moderate. Other factors are:
Hectic, fast-paced with multi-level distractions
Professional, yet casual work environment
Office / Warehouse environment
Ability to work extended hours as required
#LI-JC1 #LI-REMOTE
Full Time
Retail
$94k-117k (estimate)
01/08/2023
02/11/2023
iherb.com
PERRIS, CA
1,000 - 3,000
1996
REZA FARAEE
$1B - $3B
Retail
About iHerb iHerb is a leading global e-commerce retailer with an emphasis on providing an exceptional selection of nutritional and wellness products for the past 25 years. With over 30,000 products shipped to over 180 countries, we provide the best overall value for natural products through an innovative and efficient supply chain process. Our teams have a strong sense of commitment and pride in their work, which has allowed us to grow, even during the recent pandemic. At iHerb, our purpose is to empower people to enhance their health, happiness, and well-being that starts with valuing our t...eam members by providing a positive work environment with competitive benefits. Our five shared values unite our team members across the globe and provide a stable foundation. These values speak to who we are, the culture were building, and how every single team member contributes to our larger company vision. iHerb's Shared Values Focus on the Customer Empower Our People Be Entrepreneurial & Pivot Quickly Embrace Diversity & Inclusion Strive for Simplicity Our Vision & Mission To offer our Customer's best selection of available natural products, at the best possible value, delivered with the most convenient experience. Purpose: We empower people to enhance their health, happiness and well-being.
More
Show less
The job skills required for Product Security Engineer (Remote) include Computer Science, Problem Solving, Communication Skills, Collaboration, Critical Thinking, etc. Having related job skills and expertise will give you an advantage when applying to be a Product Security Engineer (Remote). That makes you unique and can impact how much salary you can get paid. Below are job openings related to skills required by Product Security Engineer (Remote). Select any job title you are interested in and start to search job requirements.
The following is the career advancement route for Product Security Engineer (Remote) positions, which can be used as a reference in future career path planning. As a Product Security Engineer (Remote), it can be promoted into senior positions as a Network Engineer III that are expected to handle more key tasks, people in this role will get a higher salary paid than an ordinary Product Security Engineer (Remote). You can explore the career advancement for a Product Security Engineer (Remote) below and select your interested title to get hiring information.