Product Security Engineer

Job Category: Technology and IT
Job Type: Remote
Job Location: United States
Company Name: iHerb

Overview
iHerb is seeking a proactive Product Security Engineer to strengthen our Secure Development Lifecycle (SDL) and drive security hardening across our products. In this role, you will partner with global development teams, define new security capabilities, and lead company-wide security initiatives. You will help identify and mitigate emerging threats, implement security automation, and ensure iHerb maintains a robust security posture.


Key Responsibilities

Secure Development Lifecycle (SDL)

  • Lead security design reviews and threat modeling for new and existing services.

  • Drive cross-functional projects and establish cutting-edge SDL practices.

  • Implement and maintain security-focused tools and services (DAST, SAST, SCA).

Security Architecture & Hardening

  • Develop secure architecture standards, frameworks, and patterns across multiple layers.

  • Evaluate emerging threats and proactively implement centralized mitigations.

  • Contribute to security assessments, penetration tests, and bug bounty programs.

Collaboration & Mentorship

  • Partner with development teams globally to define new security capabilities.

  • Lead awareness campaigns, train security champions, and promote secure coding practices.

  • Participate in security incident response and mitigation efforts.

Continuous Improvement

  • Maintain current knowledge of security threats, vulnerabilities, and operational best practices.

  • Prototype, implement, and operate innovative security tools and automation technologies.

  • Drive initiatives forward in a fast-paced, dynamic environment with a bias toward action.


Required Qualifications

  • 3+ years of technical security experience at top-tier software companies.

  • Strong understanding of application and infrastructure security vulnerabilities and mitigations (OWASP Top 10, CWE).

  • Proficiency with SDL processes, security automation, and DevOps integration.

  • Experience with large-scale web applications, microservices, APIs, authentication, authorization, encryption, and data protection.

  • Knowledge of major programming languages (Python, C# .NET, JavaScript, Node.js, Java).

  • Excellent problem-solving, critical thinking, collaboration, and communication skills.

  • Active contributor to the security community (research, open source, publications).

Education

  • Bachelor’s degree in Computer Science, Engineering, or equivalent experience.

  • Ability to translate technical vulnerabilities into organizational risks.


Work Environment & Physical Requirements

  • Office/warehouse environment with moderate noise.

  • Ability to sit, walk, climb stairs, use hands/fingers, bend, stoop, reach, and occasionally lift up to 25 lbs.

  • Hectic, fast-paced environment requiring extended hours as needed.


Compensation & Benefits

  • Pay Range: $84,957—$173,775 USD (dependent on location and experience).

  • Comprehensive benefits including medical, dental, vision, life insurance, 401(k), PTO, paid sick leave, and holidays.

  • Potential eligibility for Restricted Stock Units and annual bonuses.

About iHerb
iHerb is the world’s largest eCommerce platform for health and wellness products, delivering over 50,000 products from 1,800+ brands to 180+ countries. Our mission is to make health and wellness accessible to all while maintaining a culture built on customer focus, empowerment, entrepreneurship, diversity, and simplicity.

