Senior Cyber Security Incident Handler

USCA - USA - North Carolina - Greensboro - VFC, United States

VF Corporation

VF Corporation outfits consumers around the world with its diverse portfolio of iconic outdoor and activity-based lifestyle and workwear brands.



Cyber Security Incident Handler: Become the Newest Member of the VF Family

As technology continues to advance so does the threat landscape. Attackers are now using more sophisticated tactics to evade security controls. As a result, VF must also continue to advance its capabilities in threat detection and monitoring systems.

The Senior Incident Handler is responsible for leading and coordinating the response to high-severity cybersecurity incidents across the global retail organization. This role involves managing the incident lifecycle, enhancing advanced threat detection capabilities, and collaborating with various teams to ensure effective incident resolution and mitigation. The Senior Incident Handler will also play a key role in developing and implementing strategic incident response plans, training programs, and improving overall security posture.


How You Will Make a Difference: 

  • Incident Response Leadership:

    • Lead and coordinate incident response efforts for complex and high-severity incidents across multiple geographic locations, ensuring timely and effective communication and resolution.

    • Serve as the primary escalation point for high-impact and sensitive cybersecurity incidents, providing expert guidance and ensuring consistency in response quality.

    • Conduct comprehensive post-mortem analysis to identify root causes and recommend strategic improvements to prevent future incidents.

  • Advanced Threat Detection and Analysis:

    • Oversee the monitoring and analysis of logs, alerts, and external data sources to determine security and operational impacts.

    • Collaborate with Detection Engineers to enhance detections, alerts, and cyber event correlation rules within the SIEM to reduce false positives and improve accuracy.

    • Lead proactive threat hunting activities to identify advanced threats and vulnerabilities within the network.

  • Research and Threat Intelligence:

    • Direct research on security events and threat intelligence using internal and open-source tools.

    • Validate and analyze security event data, providing actionable insights to improve threat detection and mitigation capabilities.

    • Stay updated on emerging threats and vulnerabilities, integrating relevant threat intelligence into incident response strategies to improve security posture.

  • Incident Lifecycle Management:

    • Manage the incident lifecycle, ensuring all incidents are up-to-date and complete. Collect relevant evidence (artifacts) for each incident in the incident tracking system.

    • Coordinate with technical teams to remediate incidents, including malware eradication and containment of incidents along the cyber kill chain.

  • Documentation and Reporting:

    • Develop and track incident response metrics, providing regular reports to senior management on the effectiveness of the incident response program.

    • Document event analysis and record data within the Incident Tracking tool, ensuring all relevant data is captured.

  • Training and Development:

    • Train and mentor Incident Handlers, SOC Analysts, and other team members on advanced security tools and incident response procedures.

    • Represent the Security Operations team in various SOC, Incident Response, and Cyber Security projects.

    • Optimize and fine-tune security tools and systems to improve detection and response capabilities.

  • Policy and Plan Ownership:

    • Own and maintain the Incident Response (IR) Policy and Incident Response Plan, ensuring they are up-to-date and effective.

    • Develop and implement strategic improvements to the IR Policy and IR Plan based on lessons learned from incidents and emerging threats.

    • Develop and maintain Incident Response playbooks, standard operating procedures (SOPs) and escalation workflows to ensure consistent and efficient handling of security incidents.

  • Relationship Management:

    • Manage relationships with internal and external counsel, HR, and Employee Relations to ensure coordinated and compliant incident response efforts.

    • Collaborate with these stakeholders to address legal, regulatory, and employee-related aspects of cybersecurity incidents.

    • Foster relationships with key leaders across Digital Technology including Supply Chain Operations, ECOM, and Retail Services and our various brands to help identify key areas of improvement. 

Years of Related Professional Experience: 7+ years

Educational/Position Requirements:

Position Requirements:

  • 7+ years of related professional experience in cybersecurity, with a focus on incident response and advanced threat detection.

  • Extensive experience executing security incident handling and investigation processes and procedures.

  • Previous experience operating and tuning SIEM tools, Microsoft Sentinel experience preferred.

  • Familiarity with modern EDR/XDR tools; experience with CrowdStrike Falcon considered a plus.

  • Proficiency in digital forensics and incident response (DFIR) methodologies across common enterprise operating systems.

  • Strong understanding of networking fundamentals, including network forensics, the OSI model, TCP/IP, DNS, HTTP, and SMTP.

  • Proficient understanding of various operating systems and their architectures: Windows, Unix/Linux, and macOS.

  • Exposure to cloud computing environments with a focus on triaging cloud-based security incidents within AWS, Microsoft Azure, and Alibaba Cloud.

  • Advanced scripting capabilities in PowerShell and Python are considered a plus.

  • Effective communication skills with the ability to work in a collaborative environment across many disciplines.

  • Strong relationship skills and collaborative style to enable success across multiple business partners with a focus on building partnerships.

  • Excellent analytical, communication, and problem-solving skills.

Educational Requirements:

  • A bachelor's degree in computer science, information systems or other related field (preferred); or equivalent work experience.

  • Professional security management certifications such as CISSP, CISM, and relevant Global Information Assurance Certification (GIAC) certifications such as GCIH, GCFA, GCFE, GEIR or other similar credentials are a plus.

Special Physical and/or Mental Requirements: 

  • Minimal travel requirements


Hiring Range:

$140,000.00 USD - $175,000.00 USD annually

Incentive Potential: This position is eligible for additional compensation awards that may include an annual incentive plan, sales incentive, or commission potential. Specific details of the additional compensation eligibility for this position will be provided during the recruiting and interview process.

Benefits at VF Corporation: You can review a general overview of each benefit program offered, including this year's medical plan rates, on www.MyVFbenefits.com by clicking Looking to Join VF? Detailed information on your benefits will be provided during the hiring process.

Please note, our hiring ranges are determined and built from market pay data. In determining the specific compensation for this position, we comply with all local, state, and federal laws.

At VF, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual's race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws. If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at peopleservices@vfc.com. VF will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Pursuant to all applicable local Fair Chance Ordinance requirements, including but not limited to the San Francisco Fair Chance Ordinance, VF will consider for employment qualified applicants with arrest and conviction records.


Tags: AWS Azure CISM CISSP Cloud Computer Science CrowdStrike Cyber Kill Chain DFIR DNS EDR Forensics GCFA GCFE GCIH GIAC Incident response Linux Malware Monitoring PowerShell Python Scripting Sentinel SIEM SMTP SOC TCP/IP Threat detection Threat intelligence UNIX Vulnerabilities Windows XDR

Perks/benefits: Health care Team events

Region: North America
Country: United States
