Senior Web Application Security Specialist

Senior Web Application Security Specialist: Become the Newest Member of the VF Family

Now that you’ve found the job description, what’s next?

At VF, we strive to foster a culture of belonging based on respect, connection, openness, and authenticity.  As a purpose-led, performance-driven company, we are committed to inclusion, diversity, equity, and action. So, before we get to the job details, take a minute to learn a little more about us – our values and our culture - visit VF Careers or www.vfc.com.

What will you do?

A day in the life of a Senior Web Application Security Specialist at VF looks a little like this.

As a member of the Application Security team, you will be a key member of the team looking across the VF Global enterprise looking for threats and vulnerabilities that would potentially or unnecessarily place the company at risk.

Working with the different teams within VF, you will oversee report findings to the key stakeholders, evaluate and prioritize key vulnerabilities and intersect with the risk functional team within cyber and information security.  Responsibilities will include oversight of remediation efforts within VF.

Let’s break down that day in the life a bit more:

• Serve as a subject matter expert for application development and infrastructure teams
• Partner with application development teams for secure development process adoption and continuous security posture improvement
• Assist with the Dynamic Application Security Testing (DAST) program as needed
• Assist with Bug Bounty program as needed
• Determine and define project scope, objectives, and deliverable for large-scale application security project
• Identify metrics and Key Performance Indicators (KPIs) for application security program
• Analyze organization's cyber defense policies/configurations and evaluate weaknesses and vulnerabilities
• Support authorized penetration testing on enterprise network assets as needed
• Support purple team exercises and breach and attack simulations as needed
• Perform end-to-end application security reviews to ensure critical information is appropriately protected
• Participate in the creation of effective and efficient processes to drive successful reduction of risk within VF
• Lead in the design of more secure pipelines and update existing ones
• Research and advocate for new security solutions and technologies
• Ensure the highest levels of security practices are maintained by VF through projects, implementations
• Establish communications with associates related to threats, vulnerabilities, processes and security risks across a global landscape
• Advocate and evangelize the importance of Threat and Vulnerability management within VF and socialize through internal channels

What do you need to succeed?

We all have unique skills that we bring to work and celebrate every day. For this role, there are foundation skills you’ll need to succeed and excel. Additionally, while formal education in a related field is great to have, we are most interested in your 3+ years of experience and professional achievements. 

Years of Related Professional Experience: 3-5 years

Position Requirements:

• Have experience with IT Security, Risk Management, or IT Auditing
• Expert knowledge of vulnerabilities as presented on the OWASP top 10
• Extensive experience with agile delivery practices
• Extensive experience integrating security into DevOps practices
• Understanding of networking protocols (IP, DNS, HTTP)
• Extensive experience conducting source code review
• Experience using static application security testing tools such as Fortify, Checkmarx, Veracode, etc.
• Extensive experience dynamic analysis with tools such as AppScan, Invicti, Qualys WAS, BurpSuite, and OWASP ZAP, etc.
• Experience in Web Application and/or Cloud penetration testing.
• Familiarity with common enterprise architectures.
• Experience auditing and configuring Akamai security products (WAF, BMP, etc.).
• Excellent organizational and communication skills.
• Demonstrated ability to work independently and with others
• Follows all defined IT standards and processes (i.e. IT Governance, SM&G, Architecture, etc.), and provides input for improvements to the appropriate process owners as needed
• Maintains a proper balance between business and operational risk
• Follows the defined project management standards and processes

Educational Preferences:

• A bachelor’s or master’s degree in computer science, information systems or other related field; or equivalent work experience
• Relevant certifications (CISSP, CSSLP, OSCP, OSWE, eWPT, GWEB, etc.)

Special Physical and/or Mental Requirements: 

• Travel by air and overnight, as required 10% amount of time.

What do we offer you?

At VF, we know you expect as much from us as we do from you. That is why we make a commitment to support and grow our people. We offer extensive development and growth opportunities for your current and future positions, a competitive compensation package, and a strong benefits package that includes medical, dental, vision, and 401(k).

Our commitment extends beyond this and into your daily work life. We strive to foster a diverse and inclusive culture based on respect, connection, and authenticity. Our focus on DEI is at the foundation of who we are and what we do.

To learn more about VF’s benefits package, follow this MyVFBenefits.com and click “Looking to Join VF”.

To learn more about VF’s Diversity and Inclusion efforts, go to www.vfc.com.

Now WE have a question for YOU.

Are you in?

Hiring Range:

Incentive Potential: This position is eligible for additional compensation awards that may include an annual incentive plan, sales incentive, or commission potential. Specific details of the additional compensation eligibility for this position will be provided during the recruiting and interview process.

Benefits at VF Corporation: You can review a general overview of each benefit program offered, including this year's medical plan rates on www.MyVFbenefits.com  and by clicking Looking to Join VF? Detailed information on your benefits will be provided during the hiring process.

Please note, our hiring ranges are determined and built from market pay data. In determining the specific compensation for this position, we comply with all local, state, and federal laws.

At VF, we value a diverse, inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individual’s race, color, sex, gender identity, gender expression, religion, age, national origin or ancestry, citizenship, physical or mental disability, medical condition, family care status, marital status, domestic partner status, sexual orientation, genetic information, military or veteran status, or any other basis protected by federal, state or local laws.  If you are unable to submit your application because of incompatible assistive technology or a disability, please contact us at peopleservices@vfc.com. VF will reasonably accommodate qualified individuals with disabilities to the extent required by applicable law.

Pursuant to all applicable local Fair Chance Ordinance requirements, including but not limited to the San Francisco Fair Chance Ordinance, VF will consider for employment qualified applicants with arrest and conviction records.