iHerb
Product Security Engineer
iHerb, Irvine, California, United States, 92713
Job Summary:The Product Security Engineer will help with our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role will contribute tremendously to our Product Security team working with development teams globally to define new security capabilities, and partnering with leaders across the organization to deliver company-wide security initiatives.Job Expectations:Drive cross-functional projects and establish cutting-edge security development lifecycle practicesLead security design reviews and threat modeling for new and existing services at iHerbEvaluate, prototype, implement, and operate security-focused tools and servicesDevelop new secure architecture standards, frameworks and patterns spanning multiple layersUnderstand and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigationsEvaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...)Maintain a strong knowledge of current security threats and operational best practicesTake part in our security assessment, penetration testing and bug bounty programsParticipate in security incident responseKnowledge, Skills and Abilities:Required:Demonstrated technical foundationSolid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)Proficiency implementing SDL process, technology, and automation in a DevOps environmentExperience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryptionExcellent problem solving, critical thinking, collaboration and communication skillsExperience driving application security training, security champions and awareness campaignsActive contributor to the security community (research, open source, publications…)Equipment Knowledge:Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)Experience Requirements:Generally requires three (3) plus years of technical security experience at top-tier software companies including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies.Education Requirements:Computer Science / Engineering degree or equivalent experience with an ability to translate technical vulnerabilities into organizational risks.Judgment/Reasoning Ability:
Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.Physical Demands:
The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms. Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. The Team Member may occasionally lift or move office products and supplies up to 25 pounds. Proper lifting techniques required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Work Environment:
The noise in the work environment is usually moderate. Other factors are:Hectic, fast-paced with multi-level distractionsProfessional, yet casual work environmentOffice / Warehouse environmentAbility to work extended hours as required
#J-18808-Ljbffr
Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.Physical Demands:
The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms. Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. The Team Member may occasionally lift or move office products and supplies up to 25 pounds. Proper lifting techniques required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.Work Environment:
The noise in the work environment is usually moderate. Other factors are:Hectic, fast-paced with multi-level distractionsProfessional, yet casual work environmentOffice / Warehouse environmentAbility to work extended hours as required
#J-18808-Ljbffr