
SANS ISC: InfoSec Jobs - SANS Internet Storm Center InfoSec Jobs

Application Security Engineer
Company Skechers
Location Manhattan Beach, CA or Remote
Preferred GIAC Certifications GWAPT, GWEB, GCSA, GCPN
Travel 1%
Salary Not provided
Contact Name Brett Cumming
Contact Email brettc/at/
Expires 2022-07-28

Job Description

The Application Security Engineer at Skechers is a key member of our global information security team who will work as a subject matter expert, trusted partner, and ambassador to help protect Skechers' critical customer-facing and core business applications. We are looking for someone who can aid in leading our security posture and who understands that secure applications start with the code, but that securing applications requires an end-to-end approach that accounts for the full development, integration, and operations lifecycle. They will be responsible for the mentorship of fellow contributors within the department, as well as leading projects on behalf of the Information Security Office.

Skechers’ increasingly digital, cloud-first technology strategy demands an individual who is well versed in modern application development and public cloud infrastructure and brings a broad understanding of secure development and general information security best practices. The candidate who will find the most success and fulfillment brings a genuine interest and passion for information security, a love for learning, a positive attitude, a desire to roll up their sleeves and dive into the deep end, and a belief that being excellent doesn’t mean you have to give up on having fun.


Collaborate with various groups in the global technology organization in developing & implementing Application Security initiatives to ensure continuous alignment with security standards & requirements across all cloud environments.
Implement technical application security controls to effectively reduce the risk of vulnerabilities plaguing e-commerce applications, including payment fraud, account takeovers, bad bots, e-skimming and web-facing threats.
Perform threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
Work with Application, DevOps, & Cloud teams to provide remediation guidance and perform post-remediation validation.
Utilize agile methodology by making iterative progress toward achieving individual, team, and organizational objectives.
Monitor industry trends around application security to keep requirements and solutions in line with the threat landscape.
Perform regular security testing as well as code reviews to improve software security.
Stay up to date and informed on changing IT and information security trends.
Create, communicate, and continuously monitor and improve metrics and KPIs.
Manage vendor relationships for both technology & operations.
Collaborate effectively with diverse internal teams to help drive security maturity.
Collaborate with the Information Security team to ensure successful completion of our roadmaps and initiatives.
Contribute positively to the culture of information security across the organization.


Significant experience with application security testing, including static and dynamic analysis techniques and web app pentesting.
Ability to understand business requirements and apply security without adversely affecting the desired functionality.
Deep experience providing security threat assessments, considerations, and technical guidance for cloud/application/network architecture.
Perform hands-on security testing of products and services to proactively discover risks and supervise them to resolution.
Experience with IT and cybersecurity architecture across the systems development lifecycle in cloud security engineering, requirements development, implementation, and maintenance.
Familiarity with web application firewalls (CloudFlare, F5, ModSecurity, etc.)
Familiarity with libraries and frameworks such as Akka, Angular, React, Netty, Node.js, Play Framework, etc.
Ability to work both independently and with development teams, and to multitask effectively.
Ability to communicate issues effectively to both technical and non-technical audiences
Experience working with security vendors and developing recommendations based on evaluating products and analyzing functionality
Excellent written and oral communication skills
Excellent analytical skills, organizational skills, ingenuity, and ability to work as part of a team.
Experience with infrastructure and security operations, vulnerability management, and patch and configuration management.
Strong work ethic with attention to detail
Ability to excel in a fast-paced and rapidly changing environment
Up to date with security attacks and the latest security research

5+ years of application development and/or information security experience
Experience with attacker tactics, techniques, and procedures, and corresponding mitigation methods.
Experience with regulatory requirements, and aligning security standards, frameworks, and corporate policy with overall business and technology strategy.
Experience securing operating systems, networks, and low-level infrastructure.
Strong understanding of web application technology with specific understanding of how security risks manifest in those environments
In-depth technical and foundational knowledge of software engineering, computer systems, security engineering, authentication, and/or applied cryptography.
Some experience with Amazon Web Services, Serverless, API Gateway, WAF, or other cloud services
Strong knowledge of network and application protocols and their associated security implications (TCP/IP, HTTP, TLS, SSH, DNS, etc.)
Experience with programming & scripting languages such as Java, .NET, Python, Perl, PowerShell, Scala, Node.js, etc. a plus
GIAC Certification a plus