Senior Application Security Engineer

Callaway Golf Company is a leader in total performance, premium golf equipment and active lifestyle products while also being a great place to work! We are passionate and push the limits of innovation. We dare to be great while acting with integrity and respect. We stay hungry, yet humble. All while having fun and making golf enjoyable for everyone!Our company is a blend of experience and diverse backgrounds, and our leaders have a strong history of building and selling successful initiatives. We are working to build a truly groundbreaking company, and we want top-notch people to join us in that mission.

• Perform technical analysis of security logs to identify potential security threats before and after they occur and establish baseline security models
• Perform regular vulnerability testing of systems, databases, and applications.
• Work with IT Infrastructure team to ensure that new devices are properly monitored, registered and reporting to NOC/SOC.
• Ability to monitor configuration, deployment, and integration of security technologies associated with web applications. This includes web application firewalls, dynamic and static analysis applications and services, and occasional code review.
• Maintain Infosec procedures and report on deployed devices according to the standard build
• Assist in monitoring the configuration, deployment, and integration of enterprise network technologies such as access control, routers, switches, load balancers, firewall, logging, and WIFI. Similar responsibilities for monitoring security tools such as IPS, SIEM, packet analysis, and WAF.
• Maintain adequate compliance documentation presentable for external and internal audits

• Must demonstrate strong communication skills by conveying necessary information accurately, listening effectively and asking questions where clarification is needed.Strong analytical skills required, including a thorough understanding of how to interpret security needs and translate them into application and operational requirements.
• Willing to adapt and learn to build high quality behavioral detection signatures at a steady pace
• Analyzes problems involving multiple interrelated causes. Where necessary, gathers information and applies complex concepts or methods to generate an effective solution.
• Ability to establish and maintain effective work relationships with all levels of personnel both internally and externally for the purposes of analyzing and following up on security incidents; e.g. leadership, executives, clients, vendors, and agencies.
• Strong verbal and written communications skills
• Must be able to maintain confidentiality.
• Must be able to demonstrate and promote a positive team -oriented environment.
• Must be able to stay focused and concentrate under normal or heavy distractions.
• Must be able to work well under pressure or stressful conditions and meet required project deadlines.
• Must possess the ability to manage conflict and/or direct change, delays, or unexpected events appropriately.
• Must be available to work outside of normal working hours or on-call within rotation or as needed.
• Demonstrates reliability.
• In-depth knowledge and expertise in one or more security disciplines with emphasis on Vulnerability Management and Threat Monitoring.
• Experience and strong understanding of web application security including eCommerce.
• Experience in the apparel and retail industry is a plus.
• Knowledge of Firewalls, IP tables, Syslog, Windows Event Logs, IDS/IPS, Web Security, Endpoint Protection, Forensic Investigation, etc.
• Familiar with DevOps processes and programming languages (Java, HTML, etc.).
• Expert knowledge of Security Information & Event Management systems (SIEMs) such as SecureWorks, ArcSight, or Splunk.

• Bachelor’s degree in Computer Science or equivalent work experience.
• Minimum of 5 years of IT security experience. InfoSec experience across a combination of Antivirus, IDS/IPS, Firewall, SIEM, FIM, Database monitoring technologies.
• Information security experience in a software development environment.
• Previous experience working in a highly regulated industry that collects consumer data, including personally identifiable information (PII).
• Experience developing security policies for cloud-based infrastructure (i.e. Azure, AWS, etc).
• Experience with Incident Response (IR), forensic, and “hunting” for security events.
• Security certifications, such as Certified Ethical Hacker (CEH), AWS Certified Solutions, OSCP, CompTIA Security+, would be a plus.
• CSSP, CCSP, CISSP, or similar certification recommended.