Company DescriptionJoin the thousands of innovators, advocates and forces who are making an impact every day at one of the biggest footwear brands in the world. Whether you love to connect with consumers on the retail floor or want to drive our award-winning powerhouse in new directions, the SKECHERS team is the place to be. Learn more about our brand at skx.com.Job DescriptionThe Application Security Engineer at Skechers is a key member of our global information security team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers critical customer-facing and core business applications. We are looking for someone who will work hands-on with developer, engineering, and operations teams to help with end-to-end security across the software development and operations lifecycle.Skechers’ digital technology strategy demands an individual who is well-versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and information security best practices. The candidate who will find the most success and fulfillment brings a genuine interest and passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun.ESSENTIAL JOB RESULTS-Collaborate with various groups in the global technology organization in developing & implementing application security initiatives.Implement technical security controls to effectively reduce the risk of vulnerabilities in enterprise and e-commerce applications.Perform threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.Work with Application, DevOps, & Cloud teams to provide remediation guidance and perform post-remediation validation.Perform manual code reviews for third party tools and client side scripts (e.g. pixels).Utilize agile methodology by making iterative progress toward achieving individual, team, and organizational objectives.Monitor industry trends around application security to keep requirements and solutions in line with the threat landscape.Perform regular security testing as well as code reviews for improving the software security.Stay up to date and informed on changing IT and information security trends.Create, communicate, and continuously monitor and improve metrics and KPIs.Manage vendor relationships for both technology & operations.Collaborate effectively with diverse internal teams to help drive security maturity.Collaborate with the Information Security team to ensure successful completion of our roadmaps and initiatives.Contribute positively to the culture of information security across the organization.SUPERVISORY RESPONSIBILITIESNO.QualificationsJOB REQUIREMENTS- Significant experience with application security testing, including static and dynamic analysis techniques and web app pentesting concepts.Ability to understand business requirements and apply security controls without adversely affecting desired functionality.Deep experience providing security threat assessments and technical guidance for application and runtime architecture.Perform hands on security testing of products and services to proactively discover risks and supervise them to resolution.Experience with IT and cybersecurity architecture across the systems development lifecycle in cloud security engineering, requirements development, implementation, and maintenance.Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.Ability to work both independently as well with development teams and multi-task effectively.Ability to communicate issues effectively to both technical and non-technical audiencesExperience working with security vendors and developing recommendations based on evaluating products and analyzing functionalityExcellent written and oral communication skillsExcellent analytical skills, organizational skills, ingenuity, and ability to work as part of a team.Experience with infrastructure and security operations, vulnerability management, and patch and configuration management.Strong work ethic with attention to detailAbility to excel in a fast paced and rapidly changing environmentUp to date with security attacks and latest security researchEDUCATION AND EXPERIENCE-5 years of application development and/or information security experienceExperience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.Strong understanding of web application technology with specific understanding of how security risks manifest in those environmentsIn-depth technical knowledge of software engineering, computer systems, security engineering, and authentication for humans and machinesExperience with AWS, Lambda, API Gateway, WAF, and other cloud IaaS servicesStrong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)Experience with programming & scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, Node.js, etc. a plusGIAC, (ISC)2, OffSec, or similar certifications a plusAdditional InformationAll your information will be kept confidential according to EEO guidelines.To perform this job successfully, an individual must be able to perform each essential duty satisfactorily. The skills, abilities and physical demands described are representative of those duties that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodation may be made to enable individuals with disabilities, who are otherwise qualified for the job position, to perform the essential functions.Pay range for this position is $160,000 - $180,000 per year.SummaryType: Full-timeFunction: Information TechnologyExperience level: Mid-Senior LevelIndustry: Retail