Job Description
The Application Security Engineer at Skechers is a key member of our global information security team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers critical customer-facing and core business applications. We are looking for someone who will work hands-on with developer, engineering, and operations teams to help with end-to-end security across the software development and operations lifecycle.
Skechers’ digital technology strategy demands an individual who is well-versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and information security best practices. The candidate who will find the most success and fulfillment brings a genuine interest and passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun.
ESSENTIAL JOB RESULTS-
- Collaborate with various groups in the global technology organization in developing & implementing application security initiatives.
- Implement technical security controls to effectively reduce the risk of vulnerabilities in enterprise and e-commerce applications.
- Perform threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
- Work with Application, DevOps, & Cloud teams to provide remediation guidance and perform post-remediation validation.
- Perform manual code reviews for third party tools and client side scripts (e.g. pixels).
- Utilize agile methodology by making iterative progress toward achieving individual, team, and organizational objectives.
- Monitor industry trends around application security to keep requirements and solutions in line with the threat landscape.
- Perform regular security testing as well as code reviews for improving the software security.
- Stay up to date and informed on changing IT and information security trends.
- Create, communicate, and continuously monitor and improve metrics and KPIs.
- Manage vendor relationships for both technology & operations.
- Collaborate effectively with diverse internal teams to help drive security maturity.
- Collaborate with the Information Security team to ensure successful completion of our roadmaps and initiatives.
- Contribute positively to the culture of information security across the organization.
SUPERVISORY RESPONSIBILITIES
Qualifications
JOB REQUIREMENTS-
- Significant experience with application security testing, including static and dynamic analysis techniques and web app pentesting concepts.
- Ability to understand business requirements and apply security controls without adversely affecting desired functionality.
- Deep experience providing security threat assessments and technical guidance for application and runtime architecture.
- Perform hands on security testing of products and services to proactively discover risks and supervise them to resolution.
- Experience with IT and cybersecurity architecture across the systems development lifecycle in cloud security engineering, requirements development, implementation, and maintenance.
- Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
- Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
- Ability to work both independently as well with development teams and multi-task effectively.
- Ability to communicate issues effectively to both technical and non-technical audiences
- Experience working with security vendors and developing recommendations based on evaluating products and analyzing functionality
- Excellent written and oral communication skills
- Excellent analytical skills, organizational skills, ingenuity, and ability to work as part of a team.
- Experience with infrastructure and security operations, vulnerability management, and patch and configuration management.
- Strong work ethic with attention to detail
- Ability to excel in a fast paced and rapidly changing environment
- Up to date with security attacks and latest security research
EDUCATION AND EXPERIENCE-
- 5+ years of application development and/or information security experience
- Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
- Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.
- Strong understanding of web application technology with specific understanding of how security risks manifest in those environments
- In-depth technical knowledge of software engineering, computer systems, security engineering, and authentication for humans and machines
- Experience with AWS, Lambda, API Gateway, WAF, and other cloud IaaS services
- Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
- Experience with programming & scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, Node.js, etc. a plus
- GIAC, (ISC)2, OffSec, or similar certifications a plus
See more jobs at Skechers
Apply for this job