Senior Engineer, Offensive Security

About The Position

Requirements

• Experience in penetration testing methodologies and technologies.
• Ability to identify and exploit identified vulnerabilities responsibly.
• Ability to articulate mitigation strategies for identified vulnerabilities.
• Knowledge of vulnerabilities as presented on the OWASP top 10 web and API vulnerabilities.
• Ability to apply security frameworks (NIST, OWASP, CISA, etc.) to day-to-day operations.
• Understanding of networking protocols (IP, DNS, HTTP, etc.)
• Familiarity with application testing tools such as Burp Suite, Postman, and ZAP.
• Familiarity with network penetration tools such as NMAP, Metasploit, Impacket Suite, and Bloodhound
• Familiarity with API development and deployment best practices.
• Familiarity with common enterprise architectures.
• Basic hands-on experience with at least one of the major cloud providers (GCP, AWS, Azure)
• Excellent and professional communication skills (written and verbal) with an ability to articulate complex topics in a clear and concise manner.
• Demonstrated ability to work independently and with others
• Maintains a proper balance between business and operational risk
• Minimum of 5 years of related experience preferred

Nice To Haves

• A bachelor’s or master’s degree in computer science, information systems or other related field; or equivalent work experience
• Relevant certifications (OSCP, OSWE, eWPT, GWEB, etc.)

Responsibilities

• Plan and conduct security exercises that emulate real-world threats to rigorously assess and improve VF’s defenses.
• Collaborate with cross-functional teams, including Blue Team, infrastructure, and application groups to validate detection, response capabilities, and drive security enhancements.
• Develop innovative solutions to complex security challenges, anticipate future threats and designing processes to minimize organizational risk.
• Interpret and communicate technical findings to non-cybersecurity audiences, ensuring recommendations are actionable and adopted.
• Stay informed of emerging threats and vulnerabilities, continually refining penetration testing methodologies and promoting cybersecurity best practices.
• Identify and implement improvements in penetration testing and risk reduction processes, creating efficient workflows and recommending remediation strategies.
• Advise on security best practices organization-wide, including password management, encryption, software updates, and other improvements.
• Provide consultations on information security designs for infrastructure and application projects.
• Build strong collaborative relationships with defensive and infrastructure teams.
• Prepare detailed reports on discovered vulnerabilities and recommend solutions to mitigate risks.
• Champion cybersecurity awareness across the organization, educating and influencing stakeholders through internal channels.

Benefits

• You can review a general overview of each benefit program offered, including this year's medical plan rates on www.MyVFbenefits.com and by clicking Looking to Join VF? Detailed information on your benefits will be provided during the hiring process.