About Us

The Kraft Heinz Company is one of the largest food and beverage companies in the world, with eight $1 billion+ brands and global sales of approximately $25 billion. We’re a globally trusted producer of high-quality, great-tasting, and nutritious foods for over 150 years. Our brands are truly global, with products produced and marketed in over 40 countries. These beloved products include condiments and sauces, cheese and dairy, meals, meats, refreshment beverages, coffee, infant and nutrition products, and numerous other grocery products in a portfolio of more than 200 legacy and emerging brands.

No matter the brand, we’re united under one vision: To sustainably grow by delighting more consumers globally. Bringing this vision to life is our team of 39,000+ food lovers, creative thinkers, and high performers worldwide. Together, we help provide meals to those in need through our global partnership with Rise Against Hunger. We also stand committed to responsible, sustainable practices that extend to every facet of our business, our consumers, and our communities. Every day, we’re transforming the food industry with bold thinking and unprecedented results. If you share our passion – and are ready to create the future, build a legacy, and lead as a global citizen – there’s only one thing to do: join our table and let’s make life delicious!

Our Culture of Ownership, Meritocracy and Collaboration

We're not afraid to think differently. Embrace new ideas. Dream big. We empower our people at every level – from entry-level intern to senior leader – to own their work. We share a responsibility to think like Owners – to be mindful of the collective and sustained success of Kraft Heinz – which we apply to every situation, every day.

As part of Kraft Heinz, you're supported to grow and achieve. You’re expected to bring your authentic self to work every day, to lead with humility, and drive outstanding performance at every level – and you’ll be rewarded. You’re given opportunities to leave a mark and build a legacy. But you won’t do it alone. You’re supported by passionate teammates along the way, and our collective, collaborative spirit fuels our incredible progress.

General information

All posting locations: Chicago, Illinois, United States of America

Job Function: 04 - IT

Department: 04 - 06 - Security & Compliance

Date Published: 15-Sep-2021

Job Type: Regular

Description & Requirements

Role (Manager, Cloud Application Security)

Do you love working hands-on with Developers to guide and provide development teams with application security best practice solutions? IF YES - keep reading!

The Manager of Cloud Application Security will be responsible for building security into all KraftHeinz’s products end-to-end. This includes providing guidance, enablement, workshops, education, and best practices to drive specific technical and architectural principles into KraftHeinz. This position is responsible for the analysis, evaluation, and execution of an ideal application security offering that integrates development activities, information security, and the automated release methods within the CI/CD pipeline. Ultimately, the successful candidate has a strong sense of development lifecycles and information security, all accompanied by a highly personable and engaging communication approach.

Primary Responsibilities

  • Through close collaboration with product and engineering teams, ensure the adoption of SDLC and security best practices across the entire application lifecycle
  • Improve security reporting, including coordinating vulnerability management, penetration testing, and infrastructure compliance
  • You will have responsibilities for secure development methodologies and mechanisms for all KraftHeinz products and services
  • Inform choices through a security lens for the entire development lifecycle, including design, coding & development, QA & security testing, and release
  • Collaborative work with cloud operations team to develop key patterns and templates to implement secure guardrails
  • You will drive effective integration and adoption of best practices, latest methods & techniques in identifying design flaws and software issues
  • The secure design, architecture, and implementation of new applications. This includes secure software development lifecycle (SDLC) practices which incorporate threat modeling and security testing
  • Define, document, and publish Application Security standards in a practical and consumable format for developers. Ensure compliance with applicable security controls when writing such standards.
  • Organizing training to improve employees’ knowledge and skills for future organizational growth as it relates to Architecture principles and standards.
  • Teach, enable, and advocate key Architecture and Technical principles and implementation across all engineers inside the Product Engineering Organization.
  • Lead vendor resources to accomplish the adoption and implementation of DevSecOps principles, training, and secure coding.

Qualifications

  • Bachelor’s degree and 4+ years of relevant information security experience
  • 4+ years of hands-on experience in application security, pen test, OWASP, security benchmarks, and automation
  • Security tooling and best practices, such as pre-commit/pre-receive hooks, dependency scanning, SAST, IAST, OSS, DAST, RASP, and vulnerability management, etc.
  • Strong understanding of methodologies and tools for threat analysis of complex systems, such as threat modeling and software fuzzing
  • Prior experience in implementing and integrating tools for static analysis, dynamic analysis, fuzzing, and penetration testing
  • Microservice architecture expertise and best practices in securing APIs and containers across multi-cloud environments
  • The ability to code is a mandatory skill. Of particular importance is the ability to work with Delivery Infrastructure coding (e.g. Terraform, other required scripting such as Python)
  • Experience working within an Agile Development Lifecycle
  • Experience using Azure DevOps

Equal Opportunity Employer–minorities/females/veterans/individuals with disabilities/sexual orientation/gender identity