Senior Engineer, Offensive Security: Become the Newest Member of the VF Family
As a member of the Global Cyber Security Assurance team, you will play a critical role in identifying vulnerable systems and processes that could threaten VF, its assets, or personnel. You will recommend remediation steps to key stakeholders to improve VF’s security posture, while also overseeing offensive security engagements and exercises, and maintaining collaboration with various teams across VF.
Key Responsibilities:
- Plan and conduct security exercises that emulate real-world threats to rigorously assess and improve VF’s defenses.
- Collaborate with cross-functional teams, including Blue Team, infrastructure, and application groups to validate detection, response capabilities, and drive security enhancements.
- Develop innovative solutions to complex security challenges, anticipate future threats and designing processes to minimize organizational risk.
- Interpret and communicate technical findings to non-cybersecurity audiences, ensuring recommendations are actionable and adopted.
- Stay informed of emerging threats and vulnerabilities, continually refining penetration testing methodologies and promoting cybersecurity best practices.
- Identify and implement improvements in penetration testing and risk reduction processes, creating efficient workflows and recommending remediation strategies.
- Advise on security best practices organization-wide, including password management, encryption, software updates, and other improvements.
- Provide consultations on information security designs for infrastructure and application projects.
- Build strong collaborative relationships with defensive and infrastructure teams.
- Prepare detailed reports on discovered vulnerabilities and recommend solutions to mitigate risks.
- Champion cybersecurity awareness across the organization, educating and influencing stakeholders through internal channels.
Years of Related Professional Experience: Minimum of 5 years of related experience preferred
Position Requirements:
- Experience in penetration testing methodologies and technologies.
- Ability to identify and exploit identified vulnerabilities responsibly.
- Ability to articulate mitigation strategies for identified vulnerabilities.
- Knowledge of vulnerabilities as presented on the OWASP top 10 web and API vulnerabilities.
- Ability to apply security frameworks (NIST, OWASP, CISA, etc.) to day-to-day operations.
- Understanding of networking protocols (IP, DNS, HTTP, etc.)
- Familiarity with application testing tools such as Burp Suite, Postman, and ZAP.
- Familiarity with network penetration tools such as NMAP, Metasploit, Impacket Suite, and Bloodhound
- Familiarity with API development and deployment best practices.
- Familiarity with common enterprise architectures.
- Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
- Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
- Demonstrated ability to work independently and with others
- Maintains a proper balance between business and operational risk
Educational Preferences:
- A bachelor’s or master’s degree in computer science, information systems or other related field; or equivalent work experience
- Relevant certifications (OSCP, OSWE, eWPT, GWEB, etc.)
Special Physical and/or Mental Requirements:
- Travel by air and overnight, as required 10% amount of time.
Hiring Range:
$116,000.00 USD - $145,000.00 USD annually
Incentive Potential: This position is eligible for additional compensation awards that may include an annual incentive plan, sales incentive, or commission potential. Specific details of the additional compensation eligibility for this position will be provided during the recruiting and interview process.
Benefits at VF Corporation: You can review a general overview of each benefit program offered, including this year's medical plan rates on www.MyVFbenefits.com and by clicking Looking to Join VF? Detailed information on your benefits will be provided during the hiring process.
Please note, our hiring ranges are determined and built from market pay data. In determining the specific compensation for this position, we comply with all local, state, and federal laws.
At VF, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you require accommodations during the application process, please contact us at peopleservices@vfc.com. VF will provide reasonable accommodations for qualified individuals to the extent required by applicable law.
Pursuant to all applicable local Fair Chance Ordinance requirements, including but not limited to the San Francisco Fair Chance Ordinance, VF will consider for employment qualified applicants with arrest and conviction records.