Job Summary:

The Application Security Engineer executes routine information security operations activities related to deploying, monitoring, analyzing, improving and troubleshooting a Secure Systems Development Life Cycle (S-SDLC). With guidance from management and senior staff, supports the implementation of appropriate application and information security procedures and products. Assists senior staff in the evaluation, development, implementation and operational aspects of security standards, procedures and guidelines for multiple platforms and diverse systems environments.

Job Expectations:

  • Perform threat modeling, design reviews and code reviews of new web, API and mobile applications.

  • Manage remediation of any findings from internal or external assessments.

  • Integrate security tools (e.g., SAST, DAST, SCA) into the delivery pipeline and the S-SDLC process.

  • Assist in the review, monitoring and/or auditing of applicable daily security log activity and events. Take action as necessary; escalate to senior staff if required.

  • Monitor and maintain application security training and related awareness campaigns; champion the Security & Privacy Awareness Program for application development.

  • Support our compliance programs (such as PCI) by helping implement and document controls, examining evidence for compliance with standards and performing recurring penetration tests of in-scope applications.

 

The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.

 

Knowledge, Skills and Abilities:

   Required:

  • Ability to work in a fast-paced, rapidly changing environment and a strong desire to learn

  • Deep knowledge of OWASP Top 10 (2013 and/or 2017 versions) vulnerability detection and mitigation

  • Knowledge of common scripting and application development languages (e.g., PowerShell, C#, Python, T-SQL), or the ability to learn them

  • Demonstrated understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance

  • Understanding of PCI-DSS and EU GDPR

  • Experience researching, analyzing and recommending information security solutions

  • Knowledge of and experience in key management administration for encryption keys and secrets

  • A working knowledge of information security practices and concepts including intrusion detection/prevention, access controls, risk analysis, vulnerability scanning, and data encryption

  • High degree of accuracy and attention to detail

  • Excellent organization skills and ability to multitask

  • Strong knowledge of information systems and networking, at least on a conceptual level

 

Experience Requirements:

  • 5+ years' experience with application and network security

  • Experience with various tooling in the Application Security space

  • Experience identifying, assessing, and remediating technical security vulnerabilities

  • Strong organizational, excellent written, verbal and interpersonal communication skills are needed to work effectively with a wide variety of staff, outside consultants and vendors.

 

Education Requirements:

  • Bachelor’s degree or higher in Information Technology, Information Security, Computer Science, or a related field strongly preferred. Demonstrably strong experience may be considered as a replacement for a college degree.

  • Advanced industry certification strongly desired, e.g., SANS GIAC GXPN (Exploit Researcher and Advanced Penetration Tester), EC-Council CEH (Certified Ethical Hacker), Offensive Security Certified Professional (OSCP), CompTIA Security+, CISSP. GXPN and CEH are preferred.

 

 

At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well and plan for the financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. Below is a snapshot of the benefits we offer our team members. For a more comprehensive listing, visit www.iHerbBenefits.com.

  • Medical Care: Starting in 2021, iHerb covers 100% of the associated cost for medical benefits
  • Dental and Vision benefits
  • Safe Harbor 401(k) + company match (100% of the first 6% of the employee’s contribution)
  • Company-paid Term Life Insurance
  • Short and Long Term Disability
  • Flexible Spending Account (for qualifying expenses)
  • Pet Insurance
  • Voluntary Supplemental Benefits
  • Education Reimbursement Programs
  • Professional Development and Job Training
  • Wellness Programs with opportunity to earn up to $300 per year


We strive for innovation, targeted at delivering a customer-centric experience while transforming the online shopping experience. We change direction and define ourselves in the idea that individually we are incredible but united our growth is infinite and paramount to our success. iHerb strives to be the global industry leader!

iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.


U.S. Equal Opportunity Employment Information (Completion is voluntary)

Individuals seeking employment at iHerb are considered without regard to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, gender identity, or sexual orientation. You are being given the opportunity to provide the following information in order to help us comply with federal and state Equal Employment Opportunity/Affirmative Action record keeping, reporting, and other legal requirements.

Completion of the form is entirely voluntary. Whatever your decision, it will not be considered in the hiring process or thereafter. Any information that you do provide will be recorded and maintained in a confidential file.

If you believe you belong to any of the categories of protected veterans listed below, please indicate by making the appropriate selection. As a government contractor subject to Vietnam Era Veterans Readjustment Assistance Act (VEVRAA), we request this information in order to measure the effectiveness of the outreach and positive recruitment efforts we undertake pursuant to VEVRAA. Classification of protected categories is as follows:

A "disabled veteran" is one of the following: a veteran of the U.S. military, ground, naval or air service who is entitled to compensation (or who but for the receipt of military retired pay would be entitled to compensation) under laws administered by the Secretary of Veterans Affairs; or a person who was discharged or released from active duty because of a service-connected disability.

A "recently separated veteran" means any veteran during the three-year period beginning on the date of such veteran's discharge or release from active duty in the U.S. military, ground, naval, or air service.

An "active duty wartime or campaign badge veteran" means a veteran who served on active duty in the U.S. military, ground, naval or air service during a war, or in a campaign or expedition for which a campaign badge has been authorized under the laws administered by the Department of Defense.

An "Armed forces service medal veteran" means a veteran who, while serving on active duty in the U.S. military, ground, naval or air service, participated in a United States military operation for which an Armed Forces service medal was awarded pursuant to Executive Order 12985.


Form CC-305

OMB Control Number 1250-0005

Expires 05/31/2023

Voluntary Self-Identification of Disability

Why are you being asked to complete this form?

We are a federal contractor or subcontractor required by law to provide equal employment opportunity to qualified people with disabilities. We are also required to measure our progress toward having at least 7% of our workforce be individuals with disabilities. To do this, we must ask applicants and employees if they have a disability or have ever had a disability. Because a person may become disabled at any time, we ask all of our employees to update their information at least every five years.

Identifying yourself as an individual with a disability is voluntary, and we hope that you will choose to do so. Your answer will be maintained confidentially and not be seen by selecting officials or anyone else involved in making personnel decisions. Completing the form will not negatively impact you in any way, regardless of whether you have self-identified in the past. For more information about this form or the equal employment obligations of federal contractors under Section 503 of the Rehabilitation Act, visit the U.S. Department of Labor’s Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

How do you know if you have a disability?

You are considered to have a disability if you have a physical or mental impairment or medical condition that substantially limits a major life activity, or if you have a history or record of such an impairment or medical condition.

Disabilities include, but are not limited to:

  • Autism
  • Autoimmune disorder, for example, lupus, fibromyalgia, rheumatoid arthritis, or HIV/AIDS
  • Blind or low vision
  • Cancer
  • Cardiovascular or heart disease
  • Celiac disease
  • Cerebral palsy
  • Deaf or hard of hearing
  • Depression or anxiety
  • Diabetes
  • Epilepsy
  • Gastrointestinal disorders, for example, Crohn's Disease, or irritable bowel syndrome
  • Intellectual disability
  • Missing limbs or partially missing limbs
  • Nervous system condition, for example, migraine headaches, Parkinson’s disease, or multiple sclerosis (MS)
  • Psychiatric condition, for example, bipolar disorder, schizophrenia, PTSD, or major depression

Section 503 of the Rehabilitation Act of 1973, as amended. For more information about this form or the equal employment obligations of federal contractors, visit the U.S. Department of Labor's Office of Federal Contract Compliance Programs (OFCCP) website at www.dol.gov/ofccp.

PUBLIC BURDEN STATEMENT: According to the Paperwork Reduction Act of 1995 no persons are required to respond to a collection of information unless such collection displays a valid OMB control number. This survey should take about 5 minutes to complete.