Reference Number: PR 0003594

Sr. Engineer - Offensive Security

1 Dave Thomas Blvd.
DUBLIN, OH 43017

What you'll do

Overview

The Information Security group is looking for a Senior Engineer in the Offensive Security area.  This is a hands-on role responsible for executing penetration testing, security consulting, and various other red team assessments of complex applications, operating systems, wired and wireless networks, mobile applications/devices, and IT operational processes.

The selected candidate should have experience with and an understanding of various automated/manual penetration testing tools and the use of exploits to evaluate the security of operating systems, different network architectures, network services, and protocols. The candidate should have prior experience conducting risk assessments using recognized security frameworks (e.g. NIST, SANS Top 20, OWASP Top 10, PCI DSS).

The ideal candidate will have an understanding of and hands-on experience with a wide variety of IT support processes. A background in Network Infrastructure, Server Engineering, Security Operations, and/or Application Development is considered a plus.

 

Specific Responsibilities Include

  • With full competence, executes penetration testing and other security assessments of complex applications, operating systems, wired/wireless networks, and mobile applications/devices.
  • With full competence, collaborates with other technical leads (Network, Server, and Application), project managers, and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company.
  • As the representative of the Information Security team, integrates with the DevOps and/or Software Development teams to ensure application code and build processes meet security requirements.
  • With full competence, develops, recommends, and enhances information risk management policies and standards, including controls, processes, and procedures to ensure that information is protected and available to the business in a timely fashion.
  • Maintains current knowledge of applicable compliance requirements and how they affect technology decisions and implementations.  Performs research of architectural issues for information security.
  • Is able to act as a source of direction, training, and guidance for less experienced staff. May be asked to mentor and coach other IT security staff to provide guidance and expertise in their growth.
  • Performs other duties as assigned.

This position will be based at The Wendy's Company headquarters in Dublin, a suburb of Columbus, OH. Wendy’s is the world's second largest quick-service hamburger company and was built on the premise, "Quality is our Recipe®," which remains the guidepost of the Wendy's system. Today, Wendy's and its franchisees employ hundreds of thousands of people across more than 6,700 restaurants worldwide with a vision of becoming the world's most thriving and beloved restaurant brand. 

Not familiar with Columbus? Visit www.liveworkplaycolumbus.com

What we expect from you

Education / Experience

  • 5+ years of experience in an information security specific role; 7 years of experience preferred.    
  • Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), Offensive Security Certified Expert (OSCE), Global Information Assurance Certification (GIAC) or other industry certifications.
  • Knowledge of network architectures, enterprise routing, network services, system types, network devices, development platforms / software suites, database products, and operating systems (e.g. Linux, Windows, Cisco, Juniper, Oracle, SQL Server, Active Directory, LDAP, Java, .NET, etc.)
  • Understanding of NIST SP800-30 R1, PTES, OWASP SAMM, OWASP Top 10 and/or other industry recognized Risk Assessment/Pen Testing/Software Assurance frameworks.
  • Working knowledge of PCI DSS compliance requirements, including prior PCI DSS compliance pen test/project experience.
  • Familiarity with cloud-based technologies (e.g. AWS, Azure, etc.) and the DevOps model.
  • Familiarity with agile programming environments, SDLC, automated testing technologies and common programming languages such as .NET, JavaScript, Java, Swift, Objective C, PHP, etc.
  • Ability to convey complex technical security concepts to technical and non-technical audiences including executives.
  • Motivation to constantly improve processes and methodologies. Strong problem-solving aptitude with ability to think clearly under pressure and in challenging/complex environments. Ability to identify and understand how systems and tools work in the absence of instructions or training.
  • Knowledge of commercial and open source security tools (e.g. Nessus, Nexpose, SAINT, Qualys, Burp, Nmap, Kali Linux, Metasploit framework, Wireshark, Kismet, Aircrack-ng, Veracode, Checkmarx, etc.)
  • Familiarity with common scripting languages (e.g. Python, Ruby, BASH, PowerShell, Perl, etc.) preferred. 
  • Strong interpersonal, written, and oral communication skills. Highly self-motivated and directed, with keen attention to detail.
  • Bachelor's degree preferred but not required; relevant industry experience acceptable.

Wendy's is an equal employment opportunity employer who may provide reasonable accommodation to enable individuals with disabilities to perform the essential functions of the job.
