iHerb, LLC logo
iHerb, LLC

Come join the movement....we are a vehicle to healthy living!

Principal Application Security Engineer

Application EngineerApplication EngineerFull TimeRemoteLeadTeam 1,001-5,000Since 1996H1B No SponsorCompany SiteLinkedIn

Location

United States

Posted

2 days ago

Salary

$177K - $225K / year

Seniority

Lead

Job Description

Principal Application Security Engineer

iHerb, LLC

Role Description Are you passionate about securing global-scale ecommerce services and applications that power millions of customers across over a hundred countries around the globe? We are looking for a hands-on Principal Product Security Engineer to lead our Secure Development Lifecycle assurance processes, our security automation technologies, drive the security hardening strategy across our product and respond to current and emerging security threats. This role can be fully remote and must reside in US. In this role, you will help us drive our Product Security strategy working with development teams globally to: - Define new security capabilities - Grow the team by hiring the best talent - Partner with senior leaders across the organization to deliver company-wide security initiatives Responsibilities Include: - Lead cross-functional projects and establish cutting-edge security development lifecycle practices - Directed security design reviews and threat modeling for new and existing services at iHerb - Evaluate, prototype, implement, and operate security-focused tools and services - Create new secure architecture standards, frameworks and patterns spanning multiple layers - Discover and analyze emerging security threats, determining applicability to iHerb and proactively implement centralized mitigations - Evaluate, prototype, implement, and operate security tools and services (DAST, SAST, SCA...) - Maintain a strong knowledge of current security threats and operational best practices - Drive our security assessment, penetration testing and bug bounty programs - Participate in security incident response Qualifications - Demonstrated technical foundation (Computer Science / Engineering degree or equivalent experience) with an innate ability to translate technical vulnerabilities into organizational risks - 8+ years of technical security leadership at a top-tier software company including experience with security products, threat modeling, security design, security architecture, cryptography, mobile security, and broader cloud computing technologies - Solid understanding of common application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE 25…) - Proficiency implementing SDL process, technology, and automation in a DevOps environment - Experience with large-scale web applications and microservices, including API design, access management, authorization, authentication, data protection and encryption - Knowledge of major programming languages and frameworks (e.g. Python, C# .NET, JavaScript, node.js, Java...) - Excellent problem solving, critical thinking, collaboration and communication skills Bonus Qualifications - Experience with Cloudflare security, AWS VPCs, EC2 instances and docker - Ability to drive good decisions through data with great attention to detail and deliver KPIs - Experience driving application security training, security champions and awareness campaigns - Active contributor to the security community (research, open source, publications…) with the ability to attract and hire great talent Compensation The expected salary range for this role is $177,000.00 - $225,000.00 USD. The actual base pay offered will be determined by factors such as the candidate's relevant experience, education, geographic location, and internal equity. If you like wild growth and working with happy, enthusiastic over-achievers, you'll enjoy your career with us! Staffing Agency Submission Notice iHerb does not accept unsolicited 3rd party ("Agency") candidates. If you are an Agency, please send any requests to be considered as a supplier in our Vendor Management System to staffingvendors@iherb.com. Do not contact iHerb employees directly. If requested to work on a role, any Agency candidates would be presented through the internal recruiting organization. Equal Opportunity Employer iHerb is an Equal Opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability or veteran status. iHerb provides equal employment opportunities to all applicants for employment and prohibits discrimination and harassment.

Related Categories

Related Job Pages

More Application Engineer Jobs

CVS Health logo

Senior Manager – Application Security Engineering

CVS Health

CVS Health is a leading healthcare company operating CVS Specialty, CVS Pharmacy, CVS MinuteClinic, and CVS Caremark. In 2018, CVS combined forces with healthca

• Lead the design, implementation, and governance of enterprise application security programs, secure development standards, and software supply chain security practices. • Establish security requirements, security definitions of done, launch readiness criteria, and automated controls that enable secure software delivery across cloud-native, hybrid, and legacy environments. • Drive adoption of secure coding practices and developer-focused security capabilities across enterprise engineering organizations. • Oversee the end-to-end vulnerability management lifecycle, including identification, prioritization, remediation, exception management, validation, and reporting. • Establish operational metrics, service level objectives, governance processes, and executive reporting mechanisms that drive accountability and measurable risk reduction. • Lead enterprise response efforts for critical and zero-day vulnerabilities, including risk assessment, stakeholder communication, remediation coordination, and executive reporting. • Drive adoption of modern security technologies and DevSecOps capabilities, including SAST, SCA, container security, secrets management, software bill of materials (SBOM), and software supply chain security solutions. • Lead automation of security controls within CI/CD pipelines to improve operational efficiency, strengthen risk mitigation, and accelerate secure software delivery. • Evaluate, implement, and optimize application security, cloud security, and software supply chain security technologies across on-premises, cloud, and hybrid environments. • Assess and adopt emerging technologies, including AI-powered security and developer productivity solutions, that improve security outcomes and operational effectiveness. • Lead and develop a high-performing team of security professionals while fostering a culture of technical excellence, accountability, innovation, and continuous improvement. • Build and scale security programs that drive developer adoption, self-service security capabilities, and DevSecOps maturity across enterprise engineering teams.

Connecticut + 4 moreAll locations: Connecticut | New York | Massachusetts | Rhode Island | Texas
$118.5K - $260.6K / year
Cresta logo

Application Support Engineer

Cresta

Real-Time Intelligence for Contact Centers

Full TimeRemoteTeam 51-200H1B Sponsor

Role Description We are seeking a highly motivated and technically proficient Application Support Engineer to join our growing Customer Success team. This role is ideal for individuals who enjoy solving complex technical challenges, assisting customers, and serving as a crucial link between our customers and product development. You will be instrumental in ensuring a smooth and successful customer experience by transforming complex issues into clear, actionable solutions. What You'll Do: - Technical Issue Resolution: Investigate, diagnose, and resolve intricate technical issues related to API integrations, databases, servers, microservice performance, web hosting, telephony and network technologies, and containerized applications. - Customer Advocacy: Serve as the primary technical point of contact for customer inquiries, providing clear, concise, and empathetic communication via email and our support portal. - Collaboration & Escalation: Partner closely with Engineering, Product, and Sales teams to escalate bugs, feature requests, and critical incidents, ensuring timely resolution and feedback. - Knowledge Management: Create and maintain comprehensive documentation, FAQs, and knowledge base articles to empower both customers and internal teams. - Issue Reproduction & Testing: Replicate customer environments and issues to identify root causes and verify solutions. - Product Expertise: Develop deep product knowledge, understanding architecture, functionality, and common use cases. - Process Improvement: Identify recurring issues and contribute to process enhancements that improve the customer support experience and product quality. - On-Call Support: Participate in a rotational on-call schedule for urgent issues outside regular business hours. Qualifications - 4+ years of experience in a technical support, helpdesk, or customer-facing engineering role. - Strong problem-solving and analytical skills, with the ability to deconstruct complex issues. - Excellent written and verbal communication skills, capable of translating technical details for both technical and non-technical audiences. - Proficiency in: - Web hosting technologies. - APIs (automation, collaboration, and data extraction/changes through HTTP methods). - Network architecture and components. - Server OS and hardware troubleshooting. - Application log analysis. - Telephony signaling protocols for VOIP (SIP/SIPrec, H.323) and media control protocols (RTP). - Experience with support ticketing systems (e.g., Zendesk, Linear, JIRA). - A customer-centric mindset with a genuine desire to deliver excellent service. - Ability to work independently and collaboratively in a fast-paced environment. Requirements - Bonus Points If You Have: - Experience managing or integrating SaaS applications or CCaaS platforms (e.g., Avaya, Five9, Genesys) and telephony infrastructure. - Experience with cloud-based hyperscaler solutions (e.g., AWS S3/RDS/EKS for file repositories and databases). - Familiarity with Kubernetes for containerized applications. - Basic scripting skills (e.g., Python, PowerShell, Bash) for automation or data analysis. - Experience with logging and monitoring tools (e.g., Datadog, Grafana, Groundcover). - Fluency in additional languages. - A degree in Computer Science, Engineering, or a related technical field. Benefits - Comprehensive medical, dental, and vision coverage with plans to fit you and your family. - Flexible PTO to take the time you need, when you need it. - Paid parental leave for all new parents welcoming a new child. - Retirement savings plan to help you plan for the future. - Remote work setup budget to help you create a productive home office. - Monthly wellness and communication stipend to keep you connected and balanced. - In-office meal program and commuter benefits provided for onsite employees. Compensation at Cresta Cresta’s approach to compensation is simple: recognize impact, reward excellence, and invest in our people. We offer competitive, location-based pay that reflects the market and what each individual brings to the table. Salary Range: $90,000–$105,000K base + Bonus + Offers Equity ***We are hiring for multiple levels for this role so base salary will be determined based on level of experience*** We have noticed a rise in recruiting impersonations across the industry, where scammers attempt to access candidates' personal and financial information through fake interviews and offers. All Cresta recruiting email communications will always come from the @cresta.ai domain. Any outreach claiming to be from Cresta via other sources should be ignored. If you are uncertain whether you have been contacted by an official Cresta employee, reach out to recruiting@cresta.ai.

United States
$90K - $105K / year
Figure logo

Application Security Engineer

Figure

Figure, powered by blockchain.

Full TimeRemoteTeam 501-1,000H1B Sponsor

• Build and scale our vulnerability management program • Embed secure coding practices into engineering workflows • Ensure security standards are met at every stage of the software development lifecycle

United States
$120K - $154.4K / year

Senior Java Engineer

SAIC

SAIC® is a premier mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, intelligence, and civilian markets includes secure high-end solutions in mission IT, enterprise IT, engineering services, and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. SAIC is an Equal Opportunity Employer. Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion. For more information, visit saic.com . For ongoing news, please visit our newsroom .

Role Description SAIC is seeking an experienced Senior Java Developer to join our Agile team supporting one of our prestigious government customers in Washington DC. The role involves designing, developing, and maintaining scalable Java applications in a DevSecOps-enabled AWS cloud environment. - Design, build, and migrate Java applications to AWS using services like ECS Fargate, EC2, S3, RDS, Lambda, API Gateway, etc. - Develop and maintain CI/CD pipelines, implement Terraform for infrastructure automation, and ensure compliance with security standards like FedRAMP and HIPAA. - Perform system optimization for scalability, performance, and cost-effectiveness. - Collaborate within Agile teams to analyze and implement user stories using modern development principles. - Troubleshoot and resolve performance, security, or scalability issues using tools like Splunk, CloudWatch, and CloudTrail. - Translate legacy systems to next-generation cloud-based solutions. Company Description SAIC® is a premier mission integrator focused on advancing the power of technology and innovation to serve and protect our world. Our robust portfolio of offerings across the defense, space, intelligence, and civilian markets includes secure high-end solutions in mission IT, enterprise IT, engineering services, and professional services. We integrate emerging technology, rapidly and securely, into mission critical operations that modernize and enable critical national imperatives. - We are approximately 23,000 strong; driven by mission, united by purpose, and inspired by opportunities. - SAIC is an Equal Opportunity Employer. - Headquartered in Reston, Virginia, SAIC has annual revenues of approximately $7.3 billion. - For more information, visit saic.com. - For ongoing news, please visit our newsroom.

United States