Yum! Brands logo

Security Engineer III

Yum! Brands

Posted about 12 hours ago

About this role

Full Time Senior Security Engineer III in e-commerce at Yum! Brands in India. Apply directly through the link below.

At a glance

Work mode
Office
Employment
Full Time
Location
India
Experience
Senior · 8+ years
Education
Bachelor's degree

Core stack

  • Infrastructure
  • Architecture
  • Kubernetes
  • Serverless
  • Onboarding
  • Compliance
  • Restaurant
  • Incident
  • Security
  • Docker
  • Design
  • CI/CD
  • OWASP
  • GDPR
  • OOP

Quick answers

  • What are the qualifications?

    Bachelor's degree and at least 6-8 years of experience in cybersecurity and/or software development. Additional years of relevant cybersecurity or development experience may be considered in lieu of bachelor's degree.

  • What skills are required?

    Infrastructure, Architecture, Kubernetes, Serverless, Onboarding, Compliance, Restaurant, Incident, Security, Docker, and more.

Yum! Brands is hiring for this role. Visit career page

India, India

 

 Responsibilities

  • Partner with US teams to provide security guidance as a subject matter expert around application security and operate YUM! application security services for the brand. 

  • Aligning with a risk-based approach, collaborate with third-party engineers, and product owners to identify, prioritize, and remediate vulnerabilities in mobile and web applications across YUM! systems. These include e-commerce websites, e-commerce mobile apps, and restaurant operations apps.

  • Leveraging established YUM! security services, review vulnerability scanner reports/results and work with application and/or engineering teams to communicate and address/remediate issues. This includes ensuring adherence to established remediation timelines, including recommending and monitoring remediation activities.

  • Maintain the brand’s application security scan profiles and scan policies as per baseline standards across scanning tools for containers, SAST, DAST, and crowd sourced pen testing. This will include reviewing findings of security scans and onboarding new applications into scanning tools or services.  

  • Conduct awareness campaigns with engineering teams to ensure application development adheres to YUM! Global Technology Risk Management development standards.

  • Continuously monitor published vulnerabilities for various applications, operating systems, and databases. Based on the publicly disclosed vulnerabilities determine the remediation priority and engage the stakeholders. Review the solution by re-scanning the disclosed vulnerabilities. (Familiar with OWASP Top 10, etc.)

  • Conduct threat modeling exercises to identify potential risks at the design and architecture stages and provide guidance to development teams in secure design and best practices.

  • Coordinate with incident response teams to contain, remediate, and perform root cause analysis on security incidents affecting applications. 

 

 Minimum Requirements:

  • Bachelor's degree and at least 6-8 years of experience in cybersecurity and/or software development. Additional years of relevant cybersecurity or development experience may be considered in lieu of bachelor's degree.
  • Experience with reviewing application cybersecurity vulnerabilities for risk and relevance as well as in vulnerability mitigations/remediation planning, for identified vulnerabilities
  • Able to successfully communicate with technical personnel and third parties.
  • Knowledge of continuous integration and continuous delivery platforms
  • Familiarity with relevant compliance and data privacy regulations (e.g. PCI DSS, GDPR, CCPA) and how they impact application security with the ability to incorporate compliance requirements into security testing and remediation processes. 
  • Knowledge of common programming languages and paradigms ( OOP, functional, concurrent, etc)
  • Knowledge of cloud environment topics including secrets management, infrastructure as code, and serverless technologies
  • Knowledge of CI/CD techniques and build/deployment pipeline technologies
  • Knowledge of application scanning tools using both dynamic and static techniques
  • Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments.
  • Knowledge of HTTP communication
  • Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum)

Preferred Requirements

  • Knowledge of cloud environment topics including secrets management, infrastructure as code, and serverless technologies
  • Knowledge of CI/CD techniques and build/deployment pipeline technologies
  • Knowledge of application scanning tools using both dynamic and static techniques
  • Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments.
  • Knowledge of HTTP communication

Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum)

Security Engineer III

Level 7

BTECH - Computer Since / Information Technology

Job details

Workplace

Office

Location

India

Job type

Full Time

Experience

Senior · 8+ years

Similar

Company

Website

Visit site

Twitter

@yumbrands

Jobr Assistant extension

Get the extension →