Security Engineer III

Partner with US teams to provide security guidance as a subject matter expert around application security and operate YUM! application security services for the brand. Align with a risk-based approach, collaborate with third-party engineers, and product owners to identify, prioritize, and remediate vulnerabilities in mobile and web applications across YUM! systems.

Requirements

• Bachelor's degree and at least 6-8 years of experience in cybersecurity and/or software development
• Experience with reviewing application cybersecurity vulnerabilities for risk and relevance as well as in vulnerability mitigations/remediation planning, for identified vulnerabilities
• Able to successfully communicate with technical personnel and third parties
• Knowledge of continuous integration and continuous delivery platforms
• Familiarity with relevant compliance and data privacy regulations (e.g. PCI DSS, GDPR, CCPA) and how they impact application security with the ability to incorporate compliance requirements into security testing and remediation processes
• Knowledge of common programming languages and paradigms ( OOP, functional, concurrent, etc)
• Knowledge of cloud environment topics including secrets management, infrastructure as code, and serverless technologies
• Knowledge of CI/CD techniques and build/deployment pipeline technologies
• Knowledge of application scanning tools using both dynamic and static techniques
• Knowledge of containers and container management tools (e.g. Docker, Kubernetes) including how to interpret and remediate security findings and best practices for securing container images and deployments
• Knowledge of HTTP communication
• Knowledge of package management tools for languages and operating systems (e.g. npm, pip, apt, yum)