Sr. Manager Application Security

  • Full-time
  • Employment Status: Regular

Company Description

Headquartered in Southern California, Skechers has spent nearly 30 years helping men, women and kids everywhere look and feel good. Developing comfort technologies is at the foundation of all that we do—delivering stylish, innovative, and quality products at a reasonable price. From our diverse footwear offering to a growing range of apparel and accessories, Skechers is a complete lifestyle brand.

With international business representing over half of our total sales, we have product available in more than 170 countries and significant opportunities for continued expansion worldwide. We sell our collections direct to consumers through more than 4,000 Skechers stores around the globe and Skechers e-commerce sites, as well as through a network of third-party partners.

A MULTI-BILLION-DOLLAR GLOBAL LEADER IN THE FOOTWEAR INDUSTRY.

Job Description

JOB PURPOSE-

The Sr. Manager, Application Security at Skechers is a key member of our global information security leadership team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers' critical customer-facing and core business applications. We are looking for someone who can help lead our practice and who appreciates that securing applications requires an end-to-end approach that accounts for the full development, integration, and operations lifecycle.

Skechers’ digital technology strategy demands an individual who is well versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and information security best practices. The candidate who will find the most success and fulfillment brings a genuine passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun. 

ESSENTIAL JOB RESULTS-

  • Lead the team and practice responsible for application and cloud security at Skechers
  • Remain accountable for the selection and maintenance of tools and technology that:
    • Help protect production applications, e.g. bot mitigation, code injection prevention, WAF, etc.
    • Support application risk assessment, secure code training, code review, etc.
    • Enable cloud security posture management, workload protection, and security monitoring
  • Collaborate with various groups in the global technology organization on the development of standards and best practice guidelines and procedures
  • Participate in the development of application security training plans and provide input on security awareness and secure coding initiatives
  • Proactively identify potential issues at various stages of the SDLC and provide input on issue avoidance
  • Work with development, cloud engineering, and devops teams to provide remediation guidance and perform post-remediation validation
  • Coordinate and manage periodic application audits and manual penetration tests
  • Plan and oversee internal and external security assessments and red team exercises
  • Stay up-to-date and informed on changing IT and information security trends
  • Create, communicate, and continuously monitor and improve metrics and KPIs
  • Manage vendor relationships for both technology and operations
  • Collaborate effectively with diverse internal teams to help drive security maturity
  • Contribute positively to the culture of information security across the org

ADDITIONAL RESPONSIBILITIES-

  • Other duties as assigned.

SUPERVISORY RESPONSIBILITIES-

  • Yes

Qualifications

JOB REQUIREMENTS-

  • Thorough understanding of common application security vulnerabilities and how to detect and fix them, including OWASP Top 10 and SANS CWE 25
  • Significant experience with application security testing including static and dynamic analysis techniques and web app pentesting
  • Understanding of general enterprise network and system components and their roles
  • Familiarity with web application firewalls (Cloudflare, F5, ModSecurity, etc.)
  • Experience with programming and scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, etc.
  • Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
  • Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
  • Ability to communicate issues effectively to both technical and non-technical audiences
  • Excellent written and oral communication skills
  • Strong work ethic with attention to detail
  • Ability to excel in a fast-paced and rapidly changing environment

EDUCATION AND EXPERIENCE-

  • 5+ years of experience in an application development and/or information security role
  • 5+ years of management experience
  • Proven ability to mentor, grow, and develop a team
  • Experience programming as part of an enterprise development team a plus
  • GIAC, (ISC)2, or Offensive Security Certification a plus

ADDITIONAL QUALIFICATIONS-

To perform this job successfully, an individual must be able to perform each essential duty satisfactorily.  The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.

PHYSICAL DEMANDS-

While performing the duties of this job, the employee is regularly required to stand; use hands to finger, handle, or feel; and talk or hear. The employee is frequently required to walk, sit, reach with hands and arms, stoop, and kneel. The employee is occasionally required to sit for long periods of time.

Additional Information

All your information will be kept confidential according to EEO guidelines.

The salary range for this position is $180,000 - $210,000.
