Software Engineer - Application Security
- 225 S Sepulveda Blvd, Manhattan Beach, CA 90266, USA
- Employment Status: Regular
Join the thousands of innovators, advocates and forces who are making an impact every day at one of the biggest footwear brands in the world. Whether you love to connect with consumers on the retail floor or want to drive our award-winning powerhouse in new directions, the SKECHERS team is the place to be. Learn more about our brand at skx.com.
Working as part of the Information Security Office at Skechers, the Application Security Engineer will be a critical contributor to the secure software development lifecycle and will be responsible for managing the technology and processes which ensure secure design, build, and operation of Skechers application portfolio.
• Leverage static and dynamic methodologies to identify software vulnerabilities.
• Work with application, development, and devops teams to provide remediation guidance and perform post-remediation validation.
• Proactively identify potential issues at various stages of the SDLC and provide input on issue avoidance.
• Perform periodic application audits and manual penetration tests.
• Work with third parties to manage penetration tests and assessments.
• Collaborate with various groups in the global technology organization on the development of standards and best practice guidelines and procedures.
• Participate in the development of application security training plans and provide input on security awareness and secure coding initiatives.
• Participate in periodic security and compliance audits and provide/produce documentation and supporting evidence as necessary.
• Operate and maintain tools and technology as required in support of application assessment, secure code training, code review, etc.
• Maintain accurate and up to date documentation on vulnerabilities and remediation.
• Provide regular reporting to development teams and management on ongoing efforts.
• Interface with global IT and business partners to provide guidance and support.
• Stay up to date and informed on changing IT and information security trends.
• Other duties as assigned.
• Thorough understanding of common application security vulnerabilities and how to detect and fix them, including OWASP Top 10 and SANS CWE 25
• Significant experience with application security testing including static and dynamic analysis techniques and web app pentesting
• Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
• Experience with multiple programming and scripting languages such as Java, .NET, Python, Perl, Powershell, Scala, etc.
• Familiarity with multiple libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
• Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
• Ability to communicate issues effectively to both technical and non-technical audiences
• Excellent written and oral communication skills
• Strong work ethic with attention to detail
• Ability to excel in a fast paced and rapidly changing environment
EDUCATION AND EXPERIENCE
• Bachelor’s degree in related field or equivalent work experience
• 5+ years of experience in an application development or application security role
• 3+ years of experience in a dedicated appsec or app pentesting role
• GIAC or (ISC)2 Certification a plus
• Experience programming as part of an enterprise development team a plus
• Familiarity with SalesForce Commerce Cloud/Cloud Craze a plus
While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel, and talk or hear. The employee frequently is required to walk, sit, reach with hands and arms, stoop, and kneel. The employee is occasionally required to sit for long period of times.
All your information will be kept confidential according to EEO guidelines.