Job Description

WHO YOU'LL WORK WITH

You'll be a key member of the

SecureCode

team within the

Application Security Consulting

group, collaborating with

Corporate Information Security

and cross-functional teams across Nike. In this position, you will report directly to the

Director of Information Security Engineering Consulting, ITC

, and receive strategic guidance from the SecureCode leadership team based in the United States. Your responsibilities will include close collaboration with engineering, data, and product teams to integrate secure development practices, deliver meaningful security metrics, and effectively coordinate across the USA (PST, EST) and EMEA time zones.

WHO WE ARE LOOKING FOR

We're looking for a

Senior Application Security Engineer/Analyst

with deep technical expertise in application security testing, data engineering, and metrics-driven security insights. You should be comfortable navigating ambiguity, learning on the fly, and leveraging emerging technologies--including

GenAI services

--to accelerate and automate security data pipelines.


The candidate needs to have strong Information Security knowledge, extremely strong written and verbal communication skills and a demonstrated ability to communicate across all areas and levels of the business. They should also be able to comprehend complex business initiatives, leveraging excellent analytical and problem-solving skills. We are seeking a

motivated self-starter

who is has a track record of taking ownership of information security challenges and driving them to resolution.

Bachelor's degree in

Computer Science

,

Information Security

, or

Business Information Management

, or equivalent work experience.

5+ years

of progressive experience in

information security

,

application security engineering

, or

cybersecurity consulting

. Deep expertise in

Application Security Testing (AST)

tools, prefrebly including

SAST

,

DAST

,

SCA

,

SBOM analysis

, and

Mobile AST

. Strong experience integrating security into

CI/CD pipelines

using tools like

GitHub Actions

and

Jenkins

. Proficiency in

Python scripting

,

API development

, and working with

structured, semi-structured, and unstructured data

. Hands-on experience with

SQL

,

NoSQL

, and platforms such as

MongoDB

and

Databricks

; solid understanding of

ETL fundamentals

and

API-based data ingestion

. Familiarity with

cloud-native

and

serverless architectures

, including

event-driven patterns

and

AWS services

such as

EKS

,

ECS

,

Lambda

,

Bedrock

,

DocumentDB

,

DynamoDB

, and

RDS

. Knowledge of

threat modeling

and

secure design review

methodologies. Demonstrated ability to communicate effectively across technical and executive audiences, adjusting style and approach as needed. Strong analytical and problem-solving skills with a track record of resolving complex challenges. Ability to lead cross-functional collaboration, build stakeholder relationships, and drive consensus in a global, matrixed environment. Familiarity with

security standards

,

regulatory frameworks

, and

cloud security best practices

. Adaptability to evolving threats and technologies in a fast-paced cybersecurity landscape. Security certifications such as

CISSP

,

CSSLP

,

CCSP

,

CISM

, or

CRISC

are preferred but not required.

WHAT YOU'LL WORK ON

If this is you, you'll be working with the Application Security Consulting SecureCode team to perform these key tasks:

Design and implement

cybersecurity metrics

(KPIs/KRIs) to measure control effectiveness and program reach. Build centralized reporting capabilities and integrate metrics into dashboards using

Tableau, PowerBI, and Databricks

. Analyze large, complex datasets to identify trends, anomalies, and actionable insights. Collaborate with global engineering and DevOps teams to integrate security tooling into

CI/CD pipelines

. Prepare executive-level reports and committee summaries on security posture and risk trends. Maintain documentation and process repositories to support compliance and continuous improvement. * Stay current with industry trends, regulatory requirements, and best practices in application security metrics and reporting.