Full Job Description
Join the thousands of innovators, advocates and forces who are making an impact every day at one of the biggest footwear brands in the world. Whether you love to connect with consumers on the retail floor or want to drive our award-winning powerhouse in new directions, the SKECHERS team is the place to be. Learn more about our brand at skx.com.
The Application Security Engineer at Skechers is a key member of our global information security team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers’ critical customer-facing and core business applications. We are looking for someone who can help lead our practice; who understands that secure applications start with the code, but securing applications requires an end-to-end approach that accounts for the full development, integration, and operations lifecycle.
Skechers’ increasingly digital, cloud-first technology strategy demands an individual who is well versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and general information security best practices. The candidate who will find the most success and fulfillment brings a genuine interest and passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun.
Collaborate with various groups in the global technology organization on the development of standards and best practice guidelines and procedures
Participate in the development of application security training plans and provide input on security awareness and secure coding initiatives
Operate and maintain tools and technology to help protect production applications such as bot mitigation, code injection prevention, WAF, etc.
Operate and maintain tools and technology as required in support of application assessment, secure code training, code review, etc.
Proactively identify potential issues at various stages of the SDLC and provide input on issue avoidance
Leverage static and dynamic methodologies to help identify software vulnerabilities
Work with application and devops teams to provide remediation guidance and perform post-remediation validation
Perform periodic application audits and manual penetration tests
Plan and execute internal and external security assessments and red team exercises
Stay up to date and informed on changing IT and information security trends
Create, communicate, and continuously monitor and improve metrics and KPIs
Manage vendor relationships for both technology and operations
Collaborate effectively with diverse internal teams to help drive security maturity
Contribute positively to the culture of information security across the org
Thorough understanding of common application security vulnerabilities and how to detect and fix them, including OWASP Top 10 and SANS CWE 25
Significant experience with application security testing including static and dynamic analysis techniques and web app pentesting
Understanding of general enterprise network and system components and their roles
Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
Experience with programming and scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, etc.
Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
Ability to communicate issues effectively to both technical and non-technical audiences
Excellent written and oral communication skills
Strong work ethic with attention to detail
Ability to excel in a fast-paced and rapidly changing environment
5+ years of experience in an application development and/or information security role
Experience programming as part of an enterprise development team a plus
GIAC, (ISC)2, or Offensive Security Certification a plus
All your information will be kept confidential according to EEO guidelines.
While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel; and talk or hear. The employee is frequently required to walk, sit, reach with hands and arms, and stoop or kneel. The employee is occasionally required to sit for long periods of time.