Security Engineer providing application security guidance for YUM! e-commerce and mobile apps. Collaborate with teams to identify and remediate security vulnerabilities effectively in various applications.
Responsibilities
Partner with US teams to provide security guidance as a subject matter expert around application security and operate YUM! application security services for the brand.
Following a risk-based approach, collaborate with third-party engineers and product owners to identify, prioritize, and remediate vulnerabilities in mobile and web applications across YUM! systems. These include e-commerce websites, e-commerce mobile apps, and restaurant operations apps.
Leveraging established YUM! security services, review vulnerability scanner reports/results and work with application and/or engineering teams to communicate and remediate issues. This includes recommending and monitoring remediation activities and ensuring adherence to established remediation timelines.
Maintain the brand's application security scan profiles and scan policies per baseline standards across scanning tools for containers, SAST, DAST, and crowdsourced pen testing. This includes reviewing findings of security scans and onboarding new applications into scanning tools or services.
Conduct awareness campaigns with engineering teams to ensure application development adheres to YUM! Global Technology Risk Management development standards.
Continuously monitor published vulnerabilities for the applications, operating systems, and databases in use. Based on the publicly disclosed vulnerabilities, determine the remediation priority and engage the stakeholders. Verify the fix by re-scanning for the disclosed vulnerabilities.
Conduct threat modeling exercises to identify potential risks at the design and architecture stages and provide guidance to development teams in secure design and best practices.
Coordinate with incident response teams to contain, remediate, and perform root cause analysis on security incidents affecting applications.
Requirements
Bachelor's degree and at least 4-6 / 6-8 years of experience in cybersecurity and/or software development. Additional years of relevant cybersecurity or development experience may be considered in lieu of bachelor's degree.
Experience reviewing application security vulnerabilities for risk and relevance, and planning mitigation and remediation for identified vulnerabilities.
Able to successfully communicate with technical personnel and third parties.
Knowledge of continuous integration and continuous delivery platforms.
Familiarity with relevant compliance and data privacy regulations (e.g. PCI DSS, GDPR, CCPA) and how they impact application security with the ability to incorporate compliance requirements into security testing and remediation processes.
Knowledge of common programming languages and paradigms (OOP, functional, concurrent, etc.).
Knowledge of cloud environment topics including secrets management, infrastructure as code, and serverless technologies.
Knowledge of CI/CD techniques and build/deployment pipeline technologies.
Knowledge of application scanning tools using both dynamic and static techniques.
Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments.
Knowledge of HTTP communication.
Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum).