Application Security Lead jobs in United States

iHerb · 1 day ago

Application Security Lead

iHerb is on a mission to make health and wellness accessible to all, and they are seeking an Application Security Lead to enhance their security practices. The role involves leading security projects, conducting threat modeling, and establishing secure architecture standards to protect their e-commerce platform.

Beauty, Delivery Service, E-Commerce, Food and Beverage, Health Care, Retail, Software, Wellness

Comp. & Benefits
H1B Sponsor Likely

Responsibilities

Lead cross-functional, enterprise-wide projects and define the strategic direction for cutting-edge security development lifecycle (SDL) practices
Conduct security design reviews and sophisticated threat modeling for new and existing mission-critical services across the entire platform
Establish secure architecture standards, frameworks, and resilient security patterns spanning application, cloud-native, and infrastructure layers
Evaluate, prototype, implement, operate, and provide governance over core security tools and services (DAST, SAST, SCA, WAF, Secrets Management, etc.)
Discover and analyze emerging security threats, determining applicability to iHerb, and proactively implement centralized mitigations
Maintain a strong knowledge of current security threats and operational best practices
Drive our security assessment, penetration testing, and bug bounty programs translating findings into comprehensive, systemic risk reduction strategies
Ensure all application security practices adhere to the Payment Card Industry Data Security Standard (PCI DSS) requirements
Participate in security incident response activities as a technical leader

Qualifications

Application Security, Threat Modeling, Security Architecture, PCI DSS Compliance, Cloud Computing, Cryptography, Security Automation, Programming Languages, Security Certifications, Collaboration Skills, Problem Solving, Critical Thinking, Communication Skills

Required

Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks
8+ years of technical security experience at a top-tier software company, including hands-on experience with threat modeling, security design, security architecture, cryptography, mobile security, cloud computing technologies, and security products
Expert understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…)
Deep, demonstrable knowledge of the e-commerce transaction lifecycle and expert command of PCI DSS compliance standards within a high-transaction environment
Proven track record of driving the implementation of SDL processes, technology, and automation in sophisticated DevOps/DevSecOps environments
Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption
Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...)
Exceptional problem solving, critical thinking, collaboration and communication skills with the ability to influence technical and executive leadership

Preferred

Experience in an e-commerce or high-transaction environment, specifically with knowledge of PCI DSS compliance requirements
Experience with Cloudflare security, AWS VPCs, EC2 instances and Docker/containers
Experience driving application security training, security champions and awareness campaigns
Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent
Relevant security certifications (e.g., OSCP, CISSP, CSSLP)

Benefits

Medical, dental, vision, and basic life insurance programs
401(k) plan
Time Off
Paid Sick Leave
Paid holidays
Restricted Stock Units
Annual bonuses

Company

iHerb is on a mission to make health and wellness accessible to all.

H1B Sponsorship

iHerb has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. The information below is provided for your reference. (Data powered by US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship]
Trends of Total Sponsorships
2025 (4)
2024 (2)
2023 (2)
2022 (6)
2021 (2)
2020 (1)

Funding

Current Stage
Late Stage

Leadership Team

BT Bitarafan
CTO
Zach Thomann
Chief Operating Officer
Company data provided by crunchbase