Why Wendy's

When our square-shaped burgers made their first sizzle on the scene more than 50 years ago, people knew our approach wasn't like any other. Same goes for the way we support our employees. Our culture of openness, flexibility, and inclusiveness allows everybody to flourish in their own way. If you're looking for a career where you can be part of the action as we continue to grow our iconic brand, we got you!

The Information Security team is looking for a Senior Engineer to expand their Application Security practice. This is a hands-on role responsible for analyzing complex systems and applications, performing application security analysis, executing web application penetration tests, identifying potential and actual vulnerabilities, and working alongside architects, engineers and developers to influence secure product design and architecture for both on-prem and cloud solutions.

The selected candidate should have experience with secure software design principles, software assurance methodologies, common vulnerability types and best practices to avoid them, a working knowledge of operating system internals, network architectures and services, and IP protocols. The candidate should have prior experience in the creation and assessment of complex solutions through a CI/CD/CT pipeline, including testing automation. The ideal candidate will have an understanding of, and hands-on experience with, enterprise application design and development processes. A background in full-stack development, software assurance, quality assurance, or solutions architecture is a plus.

Responsibilities

- Executes on the Company's Software Assurance program to identify and mitigate application vulnerabilities throughout the development lifecycle using a variety of automated and manual security tools and techniques.
- Designs, develops, and implements custom security tooling that enables the Company to mitigate risk and ensure that information is protected and available to the business in a timely fashion.
- Collaborates with other technical leads (Developer, QA, Application, DevSecOps), product owners, project managers, and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company.
- Executes delivery of automated metrics and reporting systems to measure Application Security Engineering effectiveness and consistency.
- Maintains and administers Application Security Engineering tooling and systems.
- Designs and implements integrations and automations between Application Security Engineering tooling/systems and other processes/systems.
- Develops, recommends, and enhances information risk management policies and standards, including controls, processes, and procedures to ensure that information is protected and available to the business in a timely fashion.
- Assists in management of external vendors and assists in the process of procuring and testing new vendor technology.
- Performs research of architectural issues for information security.
- Performs other duties as assigned.

#LI-Remote

What we expect from you

- 5+ years of experience in an application security specific role; 7 years of experience preferred.
- One or more of the following: Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Global Information Assurance Certification (GIAC) or other industry certifications.
- Knowledge of, and experience with, common application security testing approaches, e.g. SAST, DAST, IAST, MAST, etc.
- Understanding of OpenSAMM, BSIMM, NIST SP800-30 R1, PTES, OWASP Top 10 and/or other industry-recognized Risk Assessment/Pen Testing/Software Assurance frameworks.
- Working knowledge of PCI DSS compliance requirements, including prior PCI DSS compliance pen test/project experience.
- Familiarity with cloud-based technologies (e.g. AWS, Azure, etc.) and the DevSecOps model.
- Familiarity with agile programming environments, SDLC, automated testing technologies and common programming languages, e.g. .NET, JavaScript, Java, Swift, Objective C, PHP, etc.
- Ability to convey complex technical security concepts to technical and non-technical audiences including executives.
- Motivation to constantly improve processes and methodologies.
- Strong problem-solving aptitude with ability to think clearly under pressure and in challenging/complex environments.
- Ability to identify and understand how systems and tools work in the absence of instructions or training.
- Knowledge of, and experience utilizing, commercial and open source application security tools (e.g. Veracode, Checkmarx, QARK, Burp Suite, OWASP ZAP, Arachni, Nikto, Retina, etc.).
- Knowledge of commercial and open source security tools (e.g. Nessus, Nexpose, SAINT, Qualys, Burp, Nmap, Kali Linux, Metasploit framework, Wireshark, Kismet, Aircrack-ng, etc.).
- Familiarity with common scripting languages (e.g. Python, Ruby, BASH, PowerShell, Perl, etc.) and the ability to write code independently in select language(s).
- Strong interpersonal, written, and oral communication skills.
- Highly self-motivated and directed, with keen attention to detail.
- Knowledge of network architectures, enterprise routing, network services, system types, network devices, development platforms / software suites, database products, and operating systems (e.g. Linux, Windows, Cisco, Juniper, Oracle, SQL Server, Active Directory, LDAP, Java, .NET, etc.).
- Understanding of and experience with Agile methodology required; SAFe certification strongly preferred.

Wendy's was built on the premise, "Quality is our Recipe®," which remains the guidepost of the Wendy's system. Today, Wendy's and its franchisees employ hundreds of thousands of people across more than 7,000 restaurants worldwide with a vision of becoming the world's most thriving and beloved restaurant brand.

Education: High School Diploma/GED
Travel: 10%
Pay Range: $85,000 - $145,000 Annually
Wendy's is an equal employment opportunity employer who may provide reasonable accommodation to enable individuals with disabilities to perform the essential functions of the job.