DevSecOps Engineer
Description:
At Yum!, we're looking for a DevSecOps engineer to add to our dynamic and rapidly scaling team. We're making this investment to help us create a new technology-focused division within Yum! Brands—the largest restaurant company in the world.
We're searching for a DevSecOps engineer to work in a multifunctional environment alongside quality engineering, infrastructure and development teams. The ideal candidate will craft globally scalable, secure solutions to drive the next generation of our business. While collaborating with similar-minded technology enthusiasts, the DevSecOps engineer will provide security insights in systems architecture design. The candidate will also diligently inject security practices into the software delivery life cycle while maintaining a rapid pace of developer productivity.
Job Duties
As a DevSecOps engineer, you will:
* Analyze security threat vectors early in the development process.
* Analyze and manage issues on our platform before they impact customers.
* Improve operational maturity by producing long-term fixes for issues identified from on-call rotation.
* Partner with Yum! security teams to align DevSecOps and jointly maintain Yum's industry-leading privacy and security standards.
Skills and Qualifications
* 5+ years of experience with cybersecurity in cloud environments.
* Experience leading application threat modeling and vulnerability assessments for distributed systems.
* Comfortable with securing a production container ecosystem (Docker, EKS, Fargate/ECS, Kubernetes, service discovery and service registry) in a continuous delivery environment using Jenkins, Ansible, Terraform or similar programs.
* Proven track record of securely architecting and owning cloud platforms, such as AWS, GCE and Azure, using infrastructure as code techniques.
* Experience running security tools such as vulnerability scanners and static
code analyzers.
* Programming and scripting fundamentals (e.g., Python, JavaScript, etc.).
* Ability to solve problems by working with team members to resolve large-scale production issues.
* Hands-on technical skills in modern application deployment, NoSQL databases, content delivery networks, web application firewalls, network analysis tools and other distributed systems technologies.
* Experience designing and implementing standards-based solutions to security challenges at enterprise scale and speed.
* Experience with standards and compliance (e.g., HIPAA, ISO-27002, PCI, NIST, GDPR
and CCPA).
* Bachelor of science degree in computer science or related field from an accredited institution is required, or equivalent work experience.