WHO YOU’LL WORK WITH

You’ll be a key member of the Secure Code team within the Application Security Consulting group, collaborating with Corporate Information Security and cross-functional teams across Nike. In this position, you will report directly to the Director of Information Security Engineering Consulting, ITC, and receive strategic guidance from the Secure Code leadership team based in the United States. Your responsibilities will include close collaboration with engineering, data, and product teams to integrate secure development practices, deliver meaningful security metrics, and effectively coordinate across the USA (PST, EST) and EMEA time zones.

WHO WE ARE LOOKING FOR

We’re looking for a Senior Application Security Engineer/Analyst with deep technical expertise in application security testing, data engineering, and metrics-driven security insights. You should be comfortable navigating ambiguity, learning on the fly, and leveraging emerging technologies—including GenAI services—to accelerate and automate security data pipelines.

The candidate needs to have strong Information Security knowledge, extremely strong written and verbal communication skills and a demonstrated ability to communicate across all areas and levels of the business. They should also be able to comprehend complex business initiatives, leveraging excellent analytical and problem-solving skills. We are seeking a motivated self-starter who is has a track record of taking ownership of information security challenges and driving them to resolution.

• Bachelor’s degree in Computer Science, Information Security, or Business Information Management, or equivalent work experience.

• 5+ years of progressive experience in information security, application security engineering, or cybersecurity consulting.

• Deep expertise in Application Security Testing (AST) tools, prefrebly including SAST, DAST, SCA, SBOM analysis, and Mobile AST.

• Strong experience integrating security into CI/CD pipelines using tools like GitHub Actions and Jenkins.

• Proficiency in Python scripting, API development, and working with structured, semi-structured, and unstructured data.

• Hands-on experience with SQL, NoSQL, and platforms such as MongoDB and Databricks; solid understanding of ETL fundamentals and API-based data ingestion.

• Familiarity with cloud-native and serverless architectures, including event-driven patterns and AWS services such as EKS, ECS, Lambda, Bedrock, DocumentDB, DynamoDB, and RDS.

• Knowledge of threat modeling and secure design review methodologies.

• Demonstrated ability to communicate effectively across technical and executive audiences, adjusting style and approach as needed.

• Strong analytical and problem-solving skills with a track record of resolving complex challenges.

• Ability to lead cross-functional collaboration, build stakeholder relationships, and drive consensus in a global, matrixed environment.

• Familiarity with security standards, regulatory frameworks, and cloud security best practices.

• Adaptability to evolving threats and technologies in a fast-paced cybersecurity landscape.

• Security certifications such as CISSP, CSSLP, CCSP, CISM, or CRISC are preferred but not required.

WHAT YOU’LL WORK ON

If this is you, you’ll be working with the Application Security Consulting Secure Code team to perform these key tasks:

• Design and implement cybersecurity metrics (KPIs/KRIs) to measure control effectiveness and program reach.

• Build centralized reporting capabilities and integrate metrics into dashboards using Tableau, PowerBI, and Databricks.

• Analyze large, complex datasets to identify trends, anomalies, and actionable insights.

• Collaborate with global engineering and DevOps teams to integrate security tooling into CI/CD pipelines.

• Prepare executive-level reports and committee summaries on security posture and risk trends.

• Maintain documentation and process repositories to support compliance and continuous improvement.

• Stay current with industry trends, regulatory requirements, and best practices in application security metrics and reporting.