Application Security Engineer


iHerb is a multi-channel retailer of vitamins, nutrition, supplements and natural products. With over 30,000 products on our website and distribution to over 150 countries, we are disrupting the E-Commerce industry with our low costs and quick delivery.

Located in the business capital of Orange County, iHerb-Technology is less than 15 minutes from the beautiful California coast.  We are a thriving company, only looking for the best talent.  We are looking for dedicated employees to help expand our business.


Ready for a challenge? iHerb is looking to add an Application Security Engineer to our IT Operations Team. As an Application Security Engineer, you will be a key liaison between the software development teams and the security team - making sure the developers stay on top of their game for creating secure code, reviewing and testing code and builds from a security perspective, and following up on findings. In this fast-paced environment with multiple teams, you won't be chained to your desk, but will have the opportunity to interact with people working on all aspects of our business.


  • An understanding of PCI Compliance and EU GDPR Requirements
  • Familiarity with SQL Server Administration and Queries
  • Knowledge of common scripting and application development languages (e.g. PowerShell, C#, Python, T-SQL, etc.) and/or the ability to learn as required
  • The ability to provide support for strategic business process/reengineering consulting as appropriate and work on multiple technically complex high profile projects
  • An understanding of key IT operational policies, processes and methodologies applicable to governance, risk management and compliance
  • A general understanding of security fundamentals and general security technologies, including operating systems, network security (firewalls, VPNs, etc.), security event management, business continuity, physical security, identity management, directory services, etc. 
  • Deep knowledge of OWASP Top 10 (2013 and/or 2017 Version) vulnerability detection and mitigation
  • Familiarity with security of LANs, WANs, Firewalls, VPN, MPLS and related Network Applications
  • Knowledge of Active Directory, DDNS, Group Policy, Microsoft Windows Server and Desktop operating systems
  • Knowledge of Linux based Operating Systems, Logging and Troubleshooting
  • A strong work ethic, including consistent documentation
  • The ability and a strong desire to work in a fast-paced, rapidly changing environment
  • Experience with application and network security
  • Experience with various tooling in the Application Security space
  • Experience identifying, assessing, and remediating technical security vulnerabilities
  • Knowledge of IT/Information Security Audit and assessment
  • Knowledge of PCI DSS and EU GDPR
  • Knowledge of researching, analyzing and recommending information security solutions
  • Knowledge of/experience in Key Management Administration for encryption keys and secrets
  • A working knowledge of information security practices and concepts including intrusion detection/ prevention, access controls, risk analysis, vulnerability scanning, and data encryption
  • 3-5 years' experience in information systems as a system administrator, application developer, or network administrator, with at least two of those with direct information security duties
  • A Bachelor’s Degree in Information Technology, Information Security, Computer Science, or related field
  • An advanced industry certification, e.g. SANS GIAC (CEH - Certified Ethical Hacker or GXPN - Exploit Researcher and Advanced Penetration Tester, are preferred), Offensive Security Certified Professional (OSCP), CompTIA Security+, CISSP,...


  • Working in a fast-paced environment
  • Having an Agile mindset and being accountable for my role in the business
  • Producing quality, error-free work
  • Having the opportunity to collaborate with peers
  • Open and honest communication with the best interests of the business in mind
  • Teamwork


  • Full gym onsite (yoga classes & strength training offered bi-weekly)
  • Beach volleyball court (don’t worry about the sand, we have showers in our locker rooms)
  • Arcade/Game room (feeling drained, check out one of our several gaming platforms)
  • Fresh Fruit & Snacks served daily
  • 401k matching at 4%
  • Cost effective benefits


  • Being able to use sound judgement and reasoning skills in order to resolve, identify or escalate issues
  • In environments that are essential to my job that may require me to sit, stand, walk, reach and move about the facility
  • Successfully in an environment that has moderate noise 
  • In an office setting
  • Extended hours as required 

