The Application Security Engineer executes routine information security operations activities related to deploying, monitoring, analyzing, improving and troubleshooting a Secure Systems Development Life Cycle (S-SDLC). With guidance from management and senior staff, supports the implementation of appropriate application and information security procedures and products. Assists senior staff in the evaluation, development, implementation and operational aspects of security standards, procedures and guidelines for multiple platforms and diverse systems environments.
- Perform threat modeling, design reviews and code reviews of new Web, API’s and Mobile Applications.
- Manage remediation of any findings from internal or external assessments.
- Integrate security tools (e.g., DAST, SAST, SCA, etc.) in the delivery pipeline and the S-SDLC process.
- Assist in the review, monitoring and/or auditing of applicable daily Security Log Activity and Events. Take action as necessary; escalate to senior staff if required.
- Monitor and Maintain Application Security training and related awareness campaigns: Champion the Security & Privacy Awareness Program for Application Development
- Support our compliance programs (such as PCI) by helping implement and document controls, examining evidence for compliance to standards and perform recurring pen-tests of applications in scope.
The duties and responsibilities described above may provide only a partial description of this position. This is not an exhaustive list of all aspects of the job. Other duties and responsibilities not outlined in this document may be added as necessary or desirable, with or without notice.
Knowledge, Skills and Abilities:
- Ability to work in a fast paced, rapidly changing environment and a strong desire to learn
- Deep knowledge of OWASP Top 10 (2013 and/or 2017 Version) vulnerability detection and mitigation
- Knowledge of common scripting and application development languages (e.g. PowerShell, C#, Python, T-SQL etc.) and/or the ability to learn is required
- Demonstrate an understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance
- Understanding of PCI-DSS and EU GDPR
- Knowledge researching, analyzing and recommending information security solutions
- Knowledge of, experience in Key Management Administration for encryption keys and secrets
- A working knowledge of information security practices and concepts including intrusion detection/ prevention, access controls, risk analysis, vulnerability scanning, and data encryption
- High degree of accuracy and attention to detail
- Excellent organization skills and ability to multitask
- Strong knowledge of information systems and networking is required, at least on a conceptual level.
- 5+ years experience with application and network security
- Experience with various tooling in the Application Security space
- Experience identifying, assessing, and remediating technical security vulnerabilities
- Strong organizational, excellent written, verbal and interpersonal communication skills are needed to work effectively with a wide variety of staff, outside consultants and vendors.
- Bachelor’s Degree or higher in Information Technology, Information Security, Computer Science, or a related field strongly preferred. A demonstrable strong experience may be considered as a replacement for a college degree.
- Advanced industry certification strongly desired, e.g. SANS GIAC (CEH - Certified Ethical Hacker or GXPN - Exploit Researcher and Advanced Penetration Tester, are preferred), Offensive Security Certified Professional (OSCP), CompTIA Security+, CISSP,...
Judgment/Reasoning Ability: Able to identify, troubleshoot and resolve problems quickly using sound judgment, poise and diplomacy. Ability to use judgment and reasoning skills, and determine when to escalate issues, as required, in a timely manner.
Physical Demands: The physical demands described here are representative of those that must be met by a Team Member to successfully perform the essential functions of this job. While performing the duties of this job, the Team Member is regularly required to talk and hear. The Team Member is frequently required to sit, walk, climb stairs, use hands and fingers, bend, stoop and reach with hands and arms. Reaching above shoulder heights, below the waist or lifting as required to file documents or store materials throughout the work day. The Team Member may occasionally lift or move office products and supplies up to 25 pounds. Proper lifting techniques required. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Work Environment: The noise in the work environment is usually moderate. Other factors are:
- Hectic, fast-paced with multi-level distractions
- Professional, yet casual work environment
- Office / Warehouse environment
- Ability to work extended hours as required
iHerb is a leading global e-commerce retailer with an emphasis on providing an exceptional selection of nutritional and wellness products for the past 25 years. With over 30,000 products shipped to over 180 countries, we provide the best overall value for natural products through an innovative and efficient supply chain process.
Our teams have a strong sense of commitment and pride in their work, which has allowed us to grow, even during the recent pandemic. At iHerb, our purpose is to empower people to enhance their health, happiness, and well-being — that starts with valuing our team members by providing a positive work environment with competitive benefits. Our five shared values unite our team members across the globe and provide a stable foundation. These values speak to who we are, the culture we’re building, and how every single team member contributes to our larger company vision.
iHerb's Shared Values
Focus on the Customer · Empower Our People · Be Entrepreneurial & Pivot Quickly · Embrace Diversity & Inclusion · Strive for Simplicity
At iHerb, we are dedicated to offering programs designed to help our employees and their families stay healthy, live well and plan for the financial future. Built on a strong foundation, our programs provide options and upgrades with flexibility, protection, and security in mind. Below is a snapshot of the benefits we offer our team members. For a more comprehensive listing, visit www.iHerbBenefits.com.
- Medical Care: Starting in 2021, iHerb covers 100% of the associated cost for medical benefits
- Dental and Vision benefits
- Safe Harbor 401(k) + company match (100% of the first 6% of the employee’s contribution)
- Company-paid Term Life Insurance
- Short and Long Term Disability
- Flexible Spending Account (for qualifying expenses)
- Pet Insurance
- Voluntary Supplemental Benefits
- Education Reimbursement Programs
- Professional Development and Job Training
- Wellness Programs with opportunity to earn up to $300 per year
We strive for innovation, targeted at delivering a customer-centric experience while transforming the online shopping experience. We change direction and define ourselves in the idea that individually we are incredible but united our growth is infinite and paramount to our success. iHerb strives to be the global industry leader!
iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.