When our square shaped burgers made their first sizzle on the scene more than 50 years ago, people knew our approach wasn’t like any other. Same goes for the way we support our employees. Our culture of openness, flexibility, and inclusiveness allows everybody to flourish in their own way. If you’re looking for a career where you can be part of the action as we continue to grow our iconic brand – We got you!

The Information Security team is looking for a Senior Engineer to extend their Software Assurance and Security Innovation practice. This is a hands-on role responsible for assessing, designing, implementing, automating and documenting security solutions and processes pertaining to cloud infrastructure, application engineering, DevOps and other platforms. This role will work with platform engineers, innovation teams, and developers on secure best practices in Infrastructure as Code (IaC), cloud design patterns and CI/CD workflows.

The selected candidate should have experience with secure software design principles, software assurance methodologies, common vulnerability types and best-practices to avoid them, a working knowledge of operating system internals, network architectures and services, and IP protocols. The candidate should have prior experience in the creation and assessment of complex solutions through a CI/CD/CT pipeline, including testing automation.

The ideal candidate will have and understanding of, and hands-on experience with, enterprise application design and development processes as this role is responsible for analyzing complex systems and applications, performing application security analysis, executing penetration tests, and identifying potential and actual vulnerabilities. A background in full-stack development, software assurance, quality assurance, or solutions architecture is a plus.

• With full competence, operates security tooling and develops automations that enable the Company to mitigate risk and ensure that information is protected and available to the business in a timely fashion.
• As the representative of the Information Security team, integrates with the DevSecOps, QA, Platform Engineering, Software Development, and Innovation teams to ensure software architecture, application development and build processes meet security requirements.
• With full competence, collaborates with other technical leads (Developer, QA, Application, DevSecOps), product owners, project managers, and technical subject matter specialists to integrate security controls into a cohesive architecture that sufficiently mitigates risk to the company.
• With full competence, research, design and implement cloud compliance and monitoring solutions to provide observability and visibility to meet operational, audit and risk-based needs.
• With full competence, executes penetration testing, and other security assessments of complex applications, operating systems, wired/wireless networks, and mobile applications/devices.
• With full competence, develops, recommends, and enhances information risk management policies and standards, including controls, processes, and procedures to ensure that information is protected and available to the business in a timely fashion.
• Aid in management of external vendors and assist in the process of procuring and testing new vendor technology.
• Performs research of architectural issues for information security.
• Performs other duties as assigned.

• Education: Bachelors Degree; Additional education information (major, etc.): Computer Science; Preferred
• 3+ years of experience in an application security specific role; 5 years of experience preferred.
• One or more of the following: Certified Information Systems Security Professional (CISSP), AWS Certified Solutions Architect Professional, AWS Certified DevOps Engineer Professional, GIAC Cloud Security Automation (GCSA), or other industry recognized certifications.
• Knowledge of, and experience with, common application security testing approaches, e.g. SAST, DAST, IAST, MAST, etc.
• Understanding of OpenSAMM, BSIMM, NIST SP800-30 R1, PTES, OWASP Top 10 and/or other industry recognized Risk Assessment/Pen Testing/Software Assurance frameworks.
• Working knowledge of standard data storage formats and abstractions including YAML, JSON, XML, etc. along with industry-standard database technologies, e.g. SQL, NoSQL, GraphDB, etc.
• Expert understanding of cloud-based technologies and automation tooling, including experience integrating these technologies in holistic business solutions / CI/CD pipelines.
• Familiarity with agile programing environments, SDLC, automated testing technologies and common programming / scripting languages e.g. Python, Ruby, PowerShell, BASH, Perl, etc. and the ability to write code independently in select language(s).
• Ability to convey complex technical security concepts to technical and non-technical audiences including executives.
• Motivation to constantly improve processes and methodologies. Strong problem-solving aptitude with ability to think clearly under pressure and in challenging/complex environments.
• Ability to identify and understand how systems and tools work in the absence of instructions or training.
• Knowledge of, and experience utilizing, commercial and open source application security tools (e.g. Veracode, Checkmarx, QARK, Burp Suite, OWASP Zap, Arachni, Nikto, CodeQL, etc.)
• Knowledge of industry-standard DevOps automation and security tooling, including tflint, tfsec, trivy, Jenkins, GitLab, Azure DevOps, etc.
• Experience with package and dependency management systems, e.g. nuget, npm, bower, maven, gradle, etc., and security best-practices.
• Strong interpersonal, written, and oral communication skills.
• Highly self-motivated and directed and keen attention to detail.
  

“Wendy’s was built on the premise, "Quality is our Recipe®," which remains the guidepost of the Wendy's system. Today, Wendy's and its franchisees employ hundreds of thousands of people across more than 7,000 restaurants worldwide with a vision of becoming the world's most thriving and beloved restaurant brand.

The base pay range for this position is listed below. The base pay actually offered will take into account internal equity and budget for the open position and also may vary depending on the candidate’s job-related knowledge, skills, and experience, among other relevant factors.  This range does not include an estimated value for any benefits, bonus, or other incentives that may be applicable based on position. *  The target annual bonus for this role is 10% of annualized base salary, based on actual company and personal performance. 

Our square burgers make us different and so do our benefits!  Our restaurant support roles are eligible for a wide array of benefits, including things such as parental leave, free EAP sessions, company 401k match and other great offerings.  For more details about our benefits, including an overview of eligibility and terms for certain benefits, please visit our benefits website, www.wendysbenefits.com.*

*NOTE: Wendy’s benefits, bonus, and other incentives are governed by the applicable legal plans and policies and, where appropriate, may be subject to Board approval an individual award agreement terms.  Those documents supersede all other information regarding Wendy’s benefits, bonus, and other incentives.  Wendy’s retains the right to amend or terminate its plans and policies at its sole discretion, in accordance with applicable plans, policies and laws.”

#LI-Remote