
SANS ISC: InfoSec Jobs

Application Security Engineer
Company Skechers
Location Manhattan Beach, CA
Preferred GIAC Certifications GWAPT, GCSA, GWEB
Travel 0%
Salary Not provided
Contact Name Brett Cumming
Contact Email brettc/at/
Expires 2021-04-06

Job Description

The Application Security Engineer at Skechers is a key member of our global information security team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers' critical customer-facing and core business applications. We are looking for someone who can help lead our practice; who understands that secure applications start with the code, but that securing applications requires an end-to-end approach that accounts for the full development, integration, and operations lifecycle.

Skechers' increasingly digital, cloud-first technology strategy demands an individual who is well versed in modern application development and public cloud infrastructure and who brings a broad understanding of secure development and general information security best practices. The candidate who will find the most success and fulfillment brings a genuine interest and passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn't mean you have to give up on having fun.


Collaborate with various groups in the global technology organization on the development of standards and best practice guidelines and procedures
Participate in the development of application security training plans and provide input on security awareness and secure coding initiatives
Operate and maintain the tools and technology that protect production applications, such as bot mitigation, code injection prevention, and web application firewalls (WAF)
Operate and maintain the tools and technology that support application assessment, secure code training, code review, etc.
Proactively identify potential issues at various stages of the SDLC and provide input on issue avoidance
Leverage static and dynamic methodologies to help identify software vulnerabilities
Work with application and devops teams to provide remediation guidance and perform post-remediation validation
Perform periodic application audits and manual penetration tests
Plan and execute internal and external security assessments and red team exercises
Stay up to date and informed on changing IT and information security trends
Create, communicate, and continuously monitor and improve metrics and KPIs
Manage vendor relationships for both technology and operations
Collaborate effectively with diverse internal teams to help drive security maturity
Contribute positively to the culture of information security across the org

Job Requirements

Thorough understanding of common application security vulnerabilities and how to detect and fix them, including the OWASP Top 10 and the CWE/SANS Top 25
Significant experience with application security testing including static and dynamic analysis techniques and web app pentesting
Understanding of general enterprise network and system components and their roles
Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
Experience with programming and scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, etc.
Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
Ability to communicate issues effectively to both technical and non-technical audiences
Excellent written and oral communication skills
Strong work ethic with attention to detail
Ability to excel in a fast paced and rapidly changing environment


5+ years of experience in an application development and/or information security role
Experience programming as part of an enterprise development team a plus
GIAC certification a plus, e.g. GWAPT, GCSA, GWEB