Senior Engineer, Application Security at VF Corporation

Senior Engineer Application Security: Become the Newest Member of the VF Family As a member of the Application Security team you will be a key member of the team looking across the VF Global enterprise looking for threats and vulnerabilities that would potentially or unnecessarily place the company at risk.Working with the different teams within VF you will oversee and report findings to the key stakeholders evaluate and prioritize vulnerabilities and intersect with the risk functional team within cyber and information security. Responsibilities will include oversight and management of the Bug Bounty and Vulnerability Disclosure Programs at VF.How You Will Make a Difference: Create and implement the strategic vision for the companys Bug Bounty and Vulnerability Disclosure ProgramDevelop policy for both programsDrive continuous improvement in the programs by strategically aligning with organizational goalsMentor and train Application Security team membersEnsure Organizational Level Agreements for remediation as defined by internal policy and standards are metServe as a cybersecurity subject matter expert for application development and infrastructure teamsPartner with application development teams for secure development process adoption and continuous security posture improvementParticipate in Red Team exercises to simulate real-world attacks identifying potential gaps in security and effectiveness of existing defensesAnalyze organizations cyber defense policies and recommend improvements that align with strategic cybersecurity goalsPerform threat assessments on application-level and infrastructure components to identify security risksAssist with the Dynamic Application Security Testing(DAST) program as neededIdentify metrics and Key Performance Indicators (KPIs) for application security programSupport authorized penetration testing on web applications and enterprise network assets as neededSupport purple team exercises and breach and attack simulations as neededPerform end-to-end application security reviews to ensure critical information is appropriately protectedAssist with incident response activities as needed particularly around web applicationsParticipate in the creation of effective and efficient processes to drive successful reduction of risk within the organizationLead in the design and implementation of more secure pipelines and update existing onesResearch and advocate for new security solutions and technologiesEnsure the highest levels of security practices are maintained by VF through projects and implementationsEstablish communications with associates related to threats vulnerabilities processes and security risks across a global landscapeAdvocate and evangelize the importance of Threat and Vulnerability management within VF and socialize through internal channelsYears of Related Professional Experience: 10 yearsPosition Requirements:Proven experience in offensive security penetration testing or application security with a focus on web application securityExpert level understanding of web application security vulnerabilities (OWASP Top 10 etc.) and exploitsExperience with Red Team and Purple Team exercises with knowledge of attack simulation tools and methodologiesExtensive experience with agile delivery practicesExtensive experience integrating security into DevOps practicesExtensive experience conducting source code reviewExperience using static application security testing tools such as Fortify Checkmarx Veracode etc.Extensive experience with dynamic application security testing tools such as AppScan Invicti Qualys WAS BurpSuite and OWASP ZAP etc.Familiarity with common enterprise architecturesExcellent organizational and communication skillsDemonstrated ability to work independently and with othersFollows all defined IT standards and processes (i.e. IT Governance SM&G Architecture etc.) and provides input for improvements to the appropriate process owners as neededMaintains a proper balance between business and operational riskEducational Preferences:A bachelors or masters degree in computer science information systems or other related field; or equivalent work experienceRelevant certifications (CISSP CSSLP OSCP OSWE eWPT PWPP etc.)Special Physical and/or Mental Requirements: Travel by air and overnight as required 10% amount of time.Hiring Range:$116000.00 USD - $145000.00 USD annuallyIncentive Potential: This position is eligible for additional compensation awards that may include an annual incentive plan sales incentive orcommissionpotential. Specific details of the additional compensation eligibility for this position will be provided during the recruiting and interview process.Benefits at VF Corporation: You can review a general overview of each benefit program offered including this years medical plan rates on and by clicking Looking to Join VF Detailed information on your benefits will be provided during the hiring process.Please note our hiring ranges are determined and built from market pay determining the specific compensation for this position we comply with all local state and federal laws.At VF we value a diverse inclusive workforce and we provide equal employment opportunity for all applicants and employees. All qualified applicants for employment will be considered without regard to an individuals race color sex gender identity gender expression religion age national origin or ancestry citizenship physical or mental disability medical condition family care status marital status domestic partner status sexual orientation genetic information military or veteran status or any other basis protected by federal state or local laws. If you require accommodations during the application process please contact us at . VF will provide reasonable accommodations for qualified individuals to the extent required by applicable law.Pursuant to all applicable local Fair Chance Ordinance requirements including but not limited to the San Francisco Fair Chance Ordinance VF will consider for employment qualified applicants with arrest and conviction records.Required Experience:Senior IC Key Skills Continuous Integration,SQL,.NET,Debugging,C/C++,Go,Root cause Analysis,ASP.NET,C#,Application Development,JavaScript,Teradata Employment Type : Full-Time Experience: years Vacancy: 1