Senior Offensive Security Engineer

Now that you’ve found the job description, what’s next?

At VF, we strive to foster a culture of belonging based on respect, connection, openness, and authenticity.  As a purpose-led, performance-driven company, we are committed to inclusion, diversity, equity, and action. So, before we get to the job details, take a minute to learn a little more about us – our values and our culture - visit VF Careers or www.vfc.com.

What will you do?

A day in the life of a Senior Offensive Security Engineer at VF looks a little like this.

As a member of the Global Cyber Security Assurance team, you will be a key member of the team by actively seeking vulnerable systems and processes that could pose risk to VF, its assets, or its people. Once identified, you will provide remediation steps to key stakeholders to strengthen VF’s security posture.  

You will oversee offensive security engagements, purple team exercises, and manage relationships with various teams within VF.

Let’s break down that day-in-the-life a bit more.

• Plan, design, and execute penetration tests to simulate real-world attacks and identify potential entry points. 

• Provide detailed reports on detected vulnerabilities and recommend solutions to mitigate risks. 

• Leverage various tools and techniques to identify vulnerabilities in systems, networks, applications, and databases. 

• Conduct security exercises that emulate tactics, techniques, and procedures (TTPs) of actual threats to assess the organization’s defenses. 

• Offer guidance on implementing security best practices throughout the organization including strong passwords, using encryption, keeping software up-to-date, and other security improvements.

• Maintain a deep understanding on the latest security threats and vulnerabilities to provide effective security testing services. 

• Perform and/or manage penetration tests on VF’s network, web application, mobile application, and retail locations.

• Identify areas of penetration testing process improvement and recommend solutions/remediation tactics to protect VF’s network.

• Build relationships and collaborate closely with defensive and infrastructure teams. 

• Serve as a partner in infrastructure and application project teams providing consultation on information security designs as necessary. 

• Create effective and efficient processes to drive successful reduction of risk within VF. 

• Advocate and champion the importance of Cyber Security within VF and socialize through internal channels.

What do you need to succeed?

We all have unique skills that we bring to work and celebrate every day. For this role, there are foundation skills you’ll need to succeed and excel. Additionally, while formal education in a related field is great to have, we are most interested in your 5 + years of experience and professional achievements.

The foundation skills you will need in this position are:

• Experience in penetration testing methodologies and technologies. 

• Ability to identify and exploit identified vulnerabilities responsibly. 

• Ability to articulate mitigation strategies for identified vulnerabilities.  

• Knowledge of vulnerabilities as presented on the OWASP top 10 web and API vulnerabilities. 

• Ability to apply security frameworks (NIST, OWASP, CISA, etc.) to day-to-day operations.  

• Understanding of networking protocols (IP, DNS, HTTP, etc.) 

• Familiarity with application testing tools such as Burp Suite, Postman, and ZAP. 

• Familiarity with network penetration tools such as NMAP, Metasploit, Impacket Suite, and Bloodhound 

• Familiarity with API development and deployment best practices. 

• Familiarity with common enterprise architectures. 

• Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure) 

• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner. 

• Demonstrated ability to work independently and with others. 

• Maintains a proper balance between business and operational risk.

• Location requirement: hybrid role located in Greensboro, North Carolina.

There are also a few skills that are not required but preferred.

• A bachelor’s or master’s degree in computer science, information systems or other related field; or equivalent work experience 

• Relevant certifications (OSCP, OSWE, eWPT, GWEB, etc.)  

What do we offer you?

At VF, we know you expect as much from us as we do from you. That is why we make a commitment to support and grow our people. We offer extensive development and growth opportunities for your current and future positions, a competitive compensation package, and a strong benefits package that includes medical, dental, vision, and 401(k).

Our commitment extends beyond this and into your daily work life. We strive to foster a diverse and inclusive culture based on respect, connection, and authenticity. Our focus on DEI is at the foundation of who we are and what we do.

To learn more about VF’s benefits package, follow this MyVFBenefits.com and click “Looking to Join VF”.

To learn more about VF’s Diversity and Inclusion efforts, go to www.vfc.com.

Now WE have a question for YOU.

Are you in?

#LI-JB1

Hiring Range:

Incentive Potential: This position is eligible for additional compensation awards that may include an annual incentive plan, sales incentive, or commission potential. Specific details of the additional compensation eligibility for this position will be provided during the recruiting and interview process.

Benefits at VF Corporation: You can review a general overview of each benefit program offered, including this year's medical plan rates on www.MyVFbenefits.com  and by clicking Looking to Join VF? Detailed information on your benefits will be provided during the hiring process.

Please note, our hiring ranges are determined and built from market pay data. In determining the specific compensation for this position, we comply with all local, state, and federal laws.

At VF, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at peopleservices@vfc.com. VF will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Pursuant to all applicable local Fair Chance Ordinance requirements, including but not limited to the San Francisco Fair Chance Ordinance, VF will consider for employment qualified applicants with arrest and conviction records.