Remote-Red Team Lead
YRSG is instituting a COVID-19 vaccination mandate for health and safety reasons. Effective January 3, 2022, YRSG requires that corporate employees are fully vaccinated against COVID-19 as a condition of employment, subject to reasonable accommodation as required by law.
A successful Red Team Lead at Yum! Brands should possess a deep understanding of both information security and computer science, as well as maintain the ability to communicate with technical peers and business leaders throughout the organization. They should possess a solid foundation or deep understanding of concepts such as secure network architecture best practices, operating system security architecture, IAM principles, as well as website and mobile application security. The penetration tester must be able to learn industry standard processes such as the penetration testing execution standards (PTES) when delivering a penetration testing service. Yum Brands penetration services may require the following: network testing, web application testing, hardware/signals testing on IoT devices, and product efficacy testing.
This role is technical and challenging, with opportunities to work in some of the most exciting areas of security on extremely technical and challenging work. Yum Brands encourages creativity and expects the penetration tester to emulate real world threat adversaries in their approach to discovering and quantifying risk throughout the enterprise. The ideal candidate would be able to:
- Perform threat modeling through various Open Source Intelligence Techniques
- Plan a course of action to gain an advantage on current state of security
- Emulate real world threat adversarial trends, tactics, and procedures
- Execute the plan, quantify the risk, and communicate with broad range of audience
- Present relevant data in a digestible manner.
- Think well outside the box, and pick up new technical skills quickly
At Yum!, you'll be faced with complex problem-solving opportunities and hands-on testing opportunities daily. We help our brands and franchisees protect their most sensitive and valuable data through comprehensive and real-world scenario testing. The candidate will be expected to expound upon the genuine business risk(s) to the immediate brand, region, and overall business based on your findings, not just to gain escalated privileges. The candidate is expected to contextualize that into a real-world business solution to the problem which has been uncovered.
The candidate will be expected to quickly assimilate new information frequently. As well as conceptualize and understand all of the potential threat vectors to each environment to adequately assess them. You will be joining a security team charged with protecting the largest restaurant company in the world, are you up to the challenge?
- Perform network penetration, web and mobile application testing, source code reviews, threat analysis, hardware assessments, wireless network assessments, and social-engineering assessments
- Perform continuous Threat Hunting engagements for both internal and external platforms.
- Develop comprehensive and accurate reports and presentations for both technical and executive audiences
- Work directly with technical services teams to remediate risks identified and to sharpen detection capabilities with our SOC.
- Recognize and safely utilize attacker tools, tactics, and procedures
- Develop scripts, tools, or methodologies to enhance Yum’s red teaming processes
- Assist with scoping prospective engagements, leading engagements from kickoff through remediation, and mentoring less experienced staff
- Must be fully vaccinated by January 3, 2022, subject to reasonable accommodations. Proof of vaccination required.
- Bachelor's degree in a technical field, and/or strong technical pentest certifications such as OSCP, OSCE, GXPN
- Professional level certification such as CISSP, CISM, CEH nice to have.
- 2-5 years' experience in at least three of the following:
- Red Team pentest tools such as Kali, Bloodhound, MetaSploit, BurpSuite, etc
- Network penetration testing and manipulation of network infrastructure
- Mobile and/or web application assessments
- Shell scripting or automation of simple tasks using Perl, Python, Go, or Ruby
- Developing, extending, or modifying exploits, shellcode or exploit tools
- Developing applications or scripts in C#, ASP, .NET, ObjectiveC, Go, Java (J2EE), Python, or Ruby
- Reverse engineering malware, data obfuscators, or ciphers
- Source code review for control flow and security flaw
- Strong knowledge of and preferably experience with at least one or more of the major cloud providers (AWS, Azure, and GCP)
- Strong work experience with Firewalls, IPS/IDS, SIEM, WAF, Vulnerability Management, and EndPoint Protection solutions.
- Working knowledge of CI/CD and SDLC deployment lifecycles and mechanisms
- Strong knowledge of tools used for wireless, web application, and network security testing
- Thorough understanding of network protocols, data on the wire, and covert channels
- Mastery of Unix/Linux/Mac/Windows operating systems, including bash and Powershell
- Ability to travel up to 30% (not sure what this will be yet)
- Ability to successfully interface with business stakeholders (internal and external)
- Ability to document and explain technical details in a concise, understandable manner
- Ability to manage and balance their own time among multiple tasks, and lead junior staff when required
Our mission at Yum! is to build the world’s most loved, trusted and fastest growing restaurant brands. KFC, Pizza Hut, Taco Bell and The Habit Burger Grill continue to thrive as relevant, distinctive and easy to access global brands, with over seven new restaurants opening per day on average.
But it’s not about where we are – it’s about where we are going. We are using technology to create competitive advantages and drive unit economics for our 50,000 restaurants around the world, all designed to make it easier for customers to order the chicken, pizza, tacos and burgers they crave in our more than 150 countries and territories.
We do this work while caring for our people and our communities. In 2019, Yum! Brands was named to the Dow Jones Sustainability North America Index; the following year, the company ranked among the top 100 Best Corporate Citizens by 3BL Media. And in 2020, we committed $100 million over the next five years to unlock opportunity and fight inequality.
Yum! is a place where all employees can be themselves, make a difference and have fun. Our unique culture is built around our values of believing in our people, trusting in their positive intentions, encouraging ideas from everyone and recognizing wins — both big and small.
For those who join the world’s largest restaurant company, growth opportunities are endless.
Yum! has instituted a COVID-19 vaccination requirement for health and safety reasons. Yum!requires that corporate employees be fully vaccinated against COVID-19 and be able to show proof of vaccination upon starting with the company as a condition of employment, subject to reasonable accommodation as required by law.
Benefits at Yum!
Most of the employee programs and benefits are applicable in the U.S. Internationally, benefits are tailored by market and role. Check with your hiring team to see which ones apply to your job in your market.
Yum! Brands RSC, 1441 Gardiner Ln, Louisville, KY 40213, 502.874.8300