Information Security Officer responsible for cybersecurity strategies and compliance in an IT service provider for food and beverage industry. Developing security standards, managing incidents, and collaborating with leadership.
YE
Hybrid Security Engineer II
Posted 42 minutes ago
About the role
- Security Engineer providing application security guidance for YUM! e-commerce and mobile apps. Collaborate with teams to identify and remediate security vulnerabilities effectively in various applications.
Responsibilities
- Partner with US teams to provide security guidance as a subject matter expert around application security and operate YUM! application security services for the brand.
- Aligning with a risk-based approach, collaborate with third-party engineers, and product owners to identify, prioritize, and remediate vulnerabilities in mobile and web applications across YUM! systems. These include e-commerce websites, e-commerce mobile apps, and restaurant operations apps.
- Leveraging established YUM! security services, review vulnerability scanner reports/results and work with application and/or engineering teams to communicate and address/remediate issues. This includes ensuring adherence to established remediation timelines, including recommending and monitoring remediation activities.
- Maintain the brand’s application security scan profiles and scan policies as per baseline standards across scanning tools for containers, SAST, DAST, and crowd sourced pen testing. This will include reviewing findings of security scans and onboarding new applications into scanning tools or services.
- Conduct awareness campaigns with engineering teams to ensure application development adheres to YUM! Global Technology Risk Management development standards.
- Continuously monitor published vulnerabilities for various applications, operating systems, and databases. Based on the publicly disclosed vulnerabilities determine the remediation priority and engage the stakeholders. Review the solution by re-scanning the disclosed vulnerabilities.
- Conduct threat modeling exercises to identify potential risks at the design and architecture stages and provide guidance to development teams in secure design and best practices.
- Coordinate with incident response teams to contain, remediate, and perform root cause analysis on security incidents affecting applications.
Requirements
- Bachelor's degree and at least 4-6 / 6-8 years of experience in cybersecurity and/or software development. Additional years of relevant cybersecurity or development experience may be considered in lieu of bachelor's degree.
- Experience with reviewing application cybersecurity vulnerabilities for risk and relevance as well as in vulnerability mitigations/remediation planning, for identified vulnerabilities.
- Able to successfully communicate with technical personnel and third parties.
- Knowledge of continuous integration and continuous delivery platforms.
- Familiarity with relevant compliance and data privacy regulations (e.g. PCI DSS, GDPR, CCPA) and how they impact application security with the ability to incorporate compliance requirements into security testing and remediation processes.
- Knowledge of common programming languages and paradigms ( OOP, functional, concurrent, etc).
- Knowledge of cloud environment topics including secrets management, infrastructure as code, and serverless technologies.
- Knowledge of CI/CD techniques and build/deployment pipeline technologies.
- Knowledge of application scanning tools using both dynamic and static techniques.
- Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments.
- Knowledge of HTTP communication.
- Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum).
Job title
Job type
Experience level
Salary
Degree requirement
Tech skills
Location requirements
Senior Security Engineer responsible for implementing security systems and conducting incident response at Emburse. Collaborating with teams to identify and mitigate security threats.
Cybersecurity Engineer guiding systems through the Risk Management Framework at Skyward Federal. Ensuring compliance with DoD cybersecurity requirements and maintaining secure technologies.
Account Executive driving new business growth for Strider Technologies via strategic client relationships. Transforming open - source data into actionable insights to protect from nation - state risks.
Cybersecurity Intern at Thndr. Gain hands - on experience in securing cloud - native infrastructure and applications while collaborating with senior security engineers.
Security Engineer ensuring core security in product development at Trustly. Collaborating with teams on security practices and automating controls.
Senior Security Engineer leading security initiatives to protect customer data at an AI - native legal tech company. Collaborating across functions to ensure compliance and security best practices.
Working Student in Information Security at Allianz Direct supporting security monitoring and managing vulnerability assessments. Collaborating with cross - functional teams to enhance cybersecurity posture and awareness.
Cyber Security Specialist at Vodafone responsible for shaping and deploying security measures. Collaborating with business, IT, and Network teams as a trusted security partner.
Enterprise Security Implementation Specialist at Vodafone supporting customers in implementing security solutions. Responsibilities include onboarding, incident management, and ensuring service quality with Fortinet and Zscaler products.