Job Description

A successful Red Team penetration tester at Yum! Brands should possess a deep understanding of both information security and computer science, as well as maintain the ability to communicate with technical peers and business leaders throughout the organization. They should possess a solid foundation or deep understanding of concepts such as secure network architecture best practices, operating system security architecture, IAM principles, as well as website and mobile application security. The penetration tester must be able to learn industry standard processes such as the penetration testing execution standards (PTES) when delivering a penetration testing service. Yum Brands penetration services may require the following: network testing, web application testing, hardware/signals testing on IoT devices, and product efficacy testing.

This role is technical and challenging, with opportunities to work in some of the most exciting areas of security on extremely technical and challenging work. Yum Brands encourages creativity and expects the penetration tester to emulate real world threat adversaries in their approach to discovering and quantifying risk throughout the enterprise. The ideal candidate would be able to:

• Perform threat modeling through various Open Source Intelligence Techniques
• Plan a course of action to gain an advantage on current state of security
• Emulate real world threat adversarial trends, tactics, and procedures
• Execute the plan, quantify the risk, and communicate with broad range of audience
• Present relevant data in a digestible manner. 
• Think well outside the box, and pick up new technical skills quickly

At Yum!, you'll be faced with complex problem-solving opportunities and hands-on testing opportunities daily. We help our brands and franchisees protect their most sensitive and valuable data through comprehensive and real-world scenario testing. The candidate will be expected to expound upon the genuine business risk(s) to the immediate brand, region, and overall business based on your findings, not just to gain escalated privileges. The candidate is expected to contextualize that into a real-world business solution to the problem which has been uncovered. 

The candidate will be expected to quickly assimilate new information frequently. As well as conceptualize and understand all of the potential threat vectors to each environment to adequately assess them. You will be joining a security team charged with protecting the largest restaurant company in the world, are you up to the challenge?

Responsibilities:

• Perform network penetration, web and mobile application testing, source code reviews, threat analysis, hardware assessments, wireless network assessments, and social-engineering assessments
• Develop comprehensive and accurate reports and presentations for both technical and executive audiences
• Work directly with technical services teams to remediate risks identified and to sharpen detection capabilities with our SOC.
• Recognize and safely utilize attacker tools, tactics, and procedures
• Develop scripts, tools, or methodologies to enhance Yum’s red teaming processes
• Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff

Requirements:

• Bachelor's degree in a technical field, and/or strong technical pentest certifications such as OSCP, OSCE, GXPN
• Professional level certification such as CISSP, CISM, CEH nice to have.
• 2-5 years' experience in at least three of the following:        

*Red Team pentest tools such as Kali, Bloodhound, MetaSploit, BurpSuite, etc

*Network penetration testing and manipulation of network infrastructure

*Mobile and/or web application assessments

*Shell scripting or automation of simple tasks using Perl, Python, Go, or Ruby

*Developing, extending, or modifying exploits, shellcode or exploit tools

*Developing applications or scripts in C#, ASP, .NET, ObjectiveC, Go, Java (J2EE), Python,  

   or Ruby

*Reverse engineering malware, data obfuscators, or ciphers

*Source code review for control flow and security flaw

• Strong knowledge of and preferably experience with at least one or more of the major cloud providers (AWS, Azure, and GCP)
• Strong work experience with Firewalls, IPS/IDS, SIEM, WAF, Vulnerability Management, and EndPoint Protection solutions.
• Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms
• Strong knowledge of tools used for wireless, web application, and network security testing
• Thorough understanding of network protocols, data on the wire, and covert channels
• Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell

Additional Qualifications:

• Ability to travel up to 30% (not sure what this will be yet)
• Ability to successfully interface with business stakeholders (internal and external)
• Ability to document and explain technical details in a concise, understandable manner
• Ability to manage and balance their own time among multiple tasks, and lead junior staff when required

#DICE

About Us

Yum! Brands, Inc., based in Louisville, Kentucky, has over 45,000 restaurants in more than 135 countries and territories and is one of the Aon Hewitt Top Companies for Leaders in North America. In 2018, Yum! Brands was recognized as part of the inaugural Bloomberg Gender-Equality Index. In 2017, Yum! Brands was named to the Dow Jones Sustainability North America Index and ranked among the top 100 Best Corporate Citizens by Corporate Responsibility Magazine. The company’s restaurant brands – KFC, Pizza Hut and Taco Bell – are global leaders of the chicken, pizza and Mexican-style food categories. Worldwide, the Yum! Brands system opens over seven new restaurants per day on average, making it a leader in global retail development.

Since our spin-off from PepsiCo in 1997, Yum! Brands has become a truly global company going from approximately 20 percent of profits coming from outside the U.S. to approximately 50 percent in 2016. We’re proud to be the worldwide leader in emerging markets with over 17,000 restaurants, nearly twice as many as the nearest competition. With less than 3 restaurants per million people in the top 10 emerging markets, compared to approximately 57 restaurants per million in the U.S., we are on the ground floor of global growth.

Our mission is to build the world’s most loved, trusted and fastest growing restaurant brands. We are evolving KFC, Pizza Hut and Taco Bell into iconic, distinctive and relevant global brands.

Importantly, we’re extremely proud of our 1.5 million employees around the globe and the unique culture we’ve built, one that’s filled with energy, opportunity, and fun. We believe in our people, trust in their positive intentions, encourage ideas from everyone, and have actively developed a workforce that is diverse in style and background. Yum! Brands is great place to be yourself, grow and make a difference. We have Grow Yourself Week which is devoted to your personal development.

Check out some of our great benefits:

•    4 weeks of vacation per year plus holidays
•    2 paid days off per year to volunteer
•    Onsite childcare through Bright Horizons
•    Onsite dining center (yes, you can eat KFC, Taco Bell or Pizza hut every day!)
•    Onsite dry cleaning, laundry services, concierge
•    Onsite gym with fitness classes and personal trainer sessions
•    Tuition reimbursement, education benefits and scholarship opportunities
•    Discounts for life’s adventures (ex: theme parks, wireless plans, etc.)
•    Generous parental leave for all new parents and adoption assistance program
•    401(k) with a 6% matching contribution from Yum! Brands with immediate vesting
•    Comprehensive medical, vision and dental including prescription drug benefits and 100% preventive care
•    Healthcare and dependent care flexible spending accounts
•    Recognition based culture and unique, fun events year round
•    Healthcare and dependent care flexible spending accounts
•    Recognition based culture and unique, fun events year round
•    Company paid life insurance
•    Grow Yourself Week which is devoted to your personal development