Application Security Engineer (Remote)

  • Full-time
  • Employment Status: Regular

Company Description

Headquartered in Southern California, Skechers has spent nearly 30 years helping men, women and kids everywhere look and feel good. Developing comfort technologies is at the foundation of all that we do—delivering stylish, innovative, and quality products at a reasonable price. From our diverse footwear offering to a growing range of apparel and accessories, Skechers is a complete lifestyle brand.

With international business representing over half of our total sales, we have product available in more than 170 countries and significant opportunities for continued expansion worldwide. We sell our collections direct to consumers through more than 4,000 Skechers stores around the globe and Skechers e-commerce sites, as well as through a network of third-party partners.

A MULTI-BILLION-DOLLAR GLOBAL LEADER IN THE FOOTWEAR INDUSTRY.

Job Description

The Application Security Engineer at Skechers is a key member of our global information security team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers’ critical customer-facing and core business applications. We are looking for someone who can aid in leading our security posture; who understands that secure applications start with the code, but securing applications requires an end-to-end approach that accounts for the full development, integration, and operations lifecycle. They will be responsible for the mentorship of fellow contributors within the department, as well as leading projects on behalf of the Information Security Office.

Skechers’ increasingly digital, cloud-first technology strategy demands an individual who is well versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and general information security best practices. The candidate who will find the most success and fulfillment brings a genuine interest and passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun.

ESSENTIAL JOB RESULTS

  • Collaborate with various groups in the global technology organization in developing & implementing Application Security initiatives to ensure continuous alignment with security standards & requirements across all cloud environments.
  • Implement technical application security controls to effectively reduce the risk of vulnerabilities plaguing e-commerce applications, including payment fraud, account takeovers, bad bots, e-skimming and web-facing threats.
  • Perform threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
  • Work with Application, DevOps, & Cloud teams to provide remediation guidance and perform post-remediation validation.
  • Utilize agile methodology by making iterative progress toward achieving individual, team, and organizational objectives.
  • Monitor industry trends around application security to keep requirements and solutions in line with the threat landscape.
  • Perform regular security testing as well as code reviews to improve software security.
  • Stay up to date and informed on changing IT and information security trends.
  • Create, communicate, and continuously monitor and improve metrics and KPIs.
  • Manage vendor relationships for both technology & operations.
  • Collaborate effectively with diverse internal teams to help drive security maturity.
  • Collaborate with the Information Security team to ensure successful completion of our roadmaps and initiatives.
  • Contribute positively to the culture of information security across the organization.

SUPERVISORY RESPONSIBILITIES

  • No.

Qualifications

JOB REQUIREMENTS

  • Significant experience with application security testing, including static and dynamic analysis techniques and web app pentesting.
  • Ability to understand business requirements and apply security without adversely affecting the desired functionality.
  • Deep experience providing security threat assessments, considerations, and technical guidance for cloud/application/network architecture.
  • Perform hands-on security testing of products and services to proactively discover risks and supervise them to resolution.
  • Experience with IT and cybersecurity architecture across the systems development lifecycle in cloud security engineering, requirements development, implementation, and maintenance.
  • Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
  • Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
  • Ability to work both independently and with development teams, and to multi-task effectively.
  • Ability to communicate issues effectively to both technical and non-technical audiences
  • Experience working with security vendors and developing recommendations based on evaluating products and analyzing functionality
  • Excellent written and oral communication skills
  • Excellent analytical skills, organizational skills, ingenuity, and ability to work as part of a team.
  • Experience with infrastructure and security operations, vulnerability management, and patch and configuration management.
  • Strong work ethic with attention to detail
  • Ability to excel in a fast-paced and rapidly changing environment
  • Up to date with security attacks and latest security research

EDUCATION AND EXPERIENCE

  • 5+ years of application development and/or information security experience
  • Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
  • Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.
  • Experience securing operating systems, networks, and low-level infrastructure.
  • Strong understanding of web application technology with specific understanding of how security risks manifest in those environments
  • In-depth technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
  • Some experience with Amazon Web Services, Serverless, API Gateway, WAF, or other cloud services
  • Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
  • Experience with programming & scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, Node.js, etc. a plus
  • GIAC, (ISC)2, or Offensive Security Certification a plus

Additional Information

QUALIFICATIONS

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.

PHYSICAL DEMANDS

While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel; and talk or hear. The employee is frequently required to walk, sit, reach with hands and arms, stoop, and kneel. The employee is occasionally required to sit for long periods of time.

All your information will be kept confidential according to EEO guidelines.
