AppSec Jobs

Yum! Brands

Security Engineer III

India

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.


About Yum! Brands

Yum! Brands is the largest restaurant company in the world by the number of locations, operating over 62,000 restaurants in more than 155 countries and territories. Founded in 1997 as Tricon Global Restaurants, the company rebranded to Yum! Brands in 2002. Its portfolio includes four well-known brands: KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, each catering to different market segments. The company primarily operates through a franchised business model, with over 98% of its restaurants run by franchisees. Yum! Brands has a significant global presence, generating about half of its franchise revenue from international markets, particularly in fast-growing regions like China and India. The company focuses on sustainable growth and aims to expand its beloved restaurant brands while adapting to local tastes and preferences.

Industry

restaurants

Employees

40,000

395 engineers

Revenue

$8.2B

Security at Yum! Brands

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

  • Stated AppSec Mission: "Partner with US teams to provide security guidance as a subject matter expert around application security" – Security Engineer II.
  • Developer Enablement vs. Gatekeeping: "Conduct awareness campaigns with engineering teams to ensure application development adheres to YUM! Global Technology Risk Management..." – Security Engineer II.
  • Risk Philosophy: "Aligning with a risk-based approach, collaborate with third-party engineers...to identify, prioritize, and remediate vulnerabilities" – Security Engineer II.
  • Stated Pain Points or Goals: "Conduct threat modeling exercises to identify potential risks at the design and architecture stages" – Security Engineer III.
  • Gaps & Contradictions: No public statements found regarding 'paved road' or 'developer-first' branding.

Security Team

  • Org Structure & Reporting Line: Information not publicly available.
  • Key Public-Facing Leaders: Ethan Steiger, Chief Security Officer – https://www.linkedin.com/in/ethansteiger.
  • Key Quote: "CHIEF SECURITY OFFICER with 25 years combined experience in establishing respected…" – Ethan Steiger LinkedIn.
  • Active AppSec Job Postings (as_of:): Count: 2 (Security Engineer II and III).
  • Common Skill/Tool Patterns: Emphasis on SAST, DAST, container scanning, and threat modeling.
  • Gaps & Contradictions: Specific reporting lines (e.g., AppSec to CISO) are not explicitly defined in public profiles.

Key Initiatives

  • Security Champions Program: No Evidence Found.
  • "Shift Left" in Practice: "Conduct threat modeling exercises to identify potential risks at the design and architecture stages" – Security Engineer III.
  • Vulnerability Management Process:
      • Intake: "...scanning tools for containers, SAST, DAST, and crowd sourced pen testing." – Security Engineer II.
      • Triage/Remediation: "...collaborate with third-party engineers...to identify, prioritize, and remediate vulnerabilities" – Security Engineer II.
  • Secure SDLC Artifacts: "...ensure application development adheres to YUM! Global Technology Risk Management development standards." – Security Engineer II.
  • Recent Initiatives (Last 6 Months): Information not publicly available.
  • Gaps & Contradictions: No evidence of a formal 'Security Champions' program or specific remediation SLAs (e.g., 30-day fix) found in public data.
