WHAT WILL YOU SPEND YOUR TIME DOING?
Security Operations & Management (30%)
- Contribute to, maintain, and enforce security policies, procedures, and standards.
- Oversee security risk assessments, vulnerability scans, and penetration tests.
- Monitor and triage security alerts from SIEM/EDR tools; investigate events, determine root cause, and coordinate remediation.
- Coordinate with IT teams to implement technical safeguards, including firewalls, encryption, identity and access controls.
- Progress awareness programs to educate employees on security best practices.
Governance, Risk & Compliance (30%)
- Produce periodic risk reports and dashboards for leadership, highlighting trends, key risks, and recommended mitigations.
- Assist in policy/procedure development, secure baselines, and compliance evidence collection for audits.
- Contribute to risk assessments (systems, projects, suppliers), translating technical issues into business risk statements with likelihood/impact.
- Support control design and testing aligned to frameworks (ISO 27001 Annex A, NIST CSF, CIS Controls) and regulatory obligations (e.g., GDPR; PCI DSS if in scope).
- Hold clear authority to challenge priorities, influence sequencing of investment, and recommend funding decisions at enterprise level.
Incident Response & Readiness (20%)
- Participate in incident response (IR) lifecycle: detection, analysis, containment, eradication, recovery, lessons learned.
- Maintain IR playbooks and run tabletop exercises; drive post-incident improvements and control tuning.
Vulnerability & Patch Management (20%)
- Own scheduled vulnerability scans; analyze findings, assign risk scores, and produce remediation plans in partnership with Infrastructure/tech teams.
- Track patching SLAs, exceptions, and compensating controls; measure and report progress against risk-based targets.
- Validate remediation through rescanning and regression checks.
Working relationships:
- Cross-functional teams within technology: this includes making them clear on the security standards in relation to the products they own and making sure any suppliers they manage are clear on expectations.
- Wider business teams: this includes awareness on security posture and best practice, including items such as password behaviour, device control and application screen (onboarding of SaaS solutions etc).
- Global teams; includes working with our Yum! partners to ensure global compliance, trends and alignment, directly with audit but indirectly with strategy and alignment to new process/tools.
WHAT WE LOVE FROM YOU:
Education/Certifications
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
- Relevant certifications (one or more strongly preferred): CompTIA Security+, CySA+, SSCP, GIAC (e.g., GSEC/GCIH), AZ-500, MS-500, CCSK/CCSP, ISO 27001.
Experience
- Solid experience in a security analyst or similar role within IT security operations.
- Hands-on experience with vulnerability management (scanning, analysis, and remediation coordination).
- Practical experience with endpoint security/EDR and SIEM alert triage and incident remediation.
- Demonstrated ability to produce risk reports and drive risk mitigation actions with cross-functional teams.
- Exposure to incident response and security testing (e.g., assisting with pen tests, red team findings, or threat modeling).
- Familiarity with industry standards controls and regulations (e.g., NIST, CIS, GDPR, HIPAA).
- Familiarity with Directory Services (Active Directory and Entra ID) with emphasis on security.
- Good communication skills and the ability to collaborate effectively with diverse teams.
Knowledge and Expertise
- Risk & Compliance: Solid understanding of risk assessment methodologies, control frameworks (ISO 27001, NIST CSF, CIS Controls), and regulatory basics (GDPR; PCI DSS).
- Security Controls: Network, endpoint, identity, data protection, secure configuration, and logging/monitoring fundamentals.
- Cloud & Modern IT: Working knowledge of security in Microsoft 365, Azure (IAM, Conditional Access, Defender suite), and common SaaS platforms.
- Threat Landscape: Awareness of common attack vectors (phishing, ransomware, privilege misuse, misconfiguration) and defense-in-depth strategies.
Skills
- Analytical & Detail-Oriented: Keen eye for anomalies; precise documentation and follow-through.
- Communication: Clear written and verbal communication—translating technical detail into business-friendly risk insights.
- Collaboration: Works well with Infrastructure, Application, and Business teams; influences without authority.
- Self-Motivation: Proactive ownership; drives tasks to completion with minimal supervision.
- Process Discipline: Organizes workload, meets deadlines, and adheres to SLAs and standards.
- Ethics & Confidentiality: Handles sensitive information with discretion and integrity.
ABOUT THE ROLE
- Accountable for the design, ownership, and continuous improvement of KFC UK&I’s network solutions, ensuring secure, resilient, and high-performing connectivity across 1,000+ restaurants and corporate environments.
- Responsible for leading the network engineering team, mentoring two network engineers, and managing the delivery and lifecycle of network technology and services. Vendor collaboration is a key part of this role as KFC have partnered with various organisations to assist with the day-to-day operation.
WHAT WILL YOU SPEND YOUR TIME DOING?
Network Solution Design & Authority
- Owner of network architecture and design, accountable for developing and maintaining scalable, secure, resilient, and innovative solutions that align with business and security requirements.
- Responsible for evaluating emerging technologies, driving adoption of best practices, and ensuring all network solutions are future-proof and cost-effective.
Team Leadership & Mentoring
- Lead, mentor, and develop a team of network engineers, managing their workload, performance, and professional growth.
- Allocate tasks, set priorities, and ensure the team delivers high-quality support and project outcomes within agreed SLAs.
Operational Excellence
- Accountable for the operational integrity of WAN, LAN, Wi-Fi, and cloud-based network services.
- Oversee incident response, troubleshooting, and root cause analysis for complex network issues, ensuring timely resolution and minimal business impact.
- Owner of network device configuration management, backup, and disaster recovery processes.
Security & Compliance
- Responsible for enforcing network security baselines, compliance with internal policies, and external standards (e.g., ISO 27001, NIST CSF).
- Collaborate with the Security team on vulnerability management, incident response, and audit readiness.
Supplier & Stakeholder Management
- Act as the primary technical authority with network service providers and hardware vendors, accountable for SLA adherence, capacity planning, and service improvement.
- Coordinate change windows, communications, and post-change validation with business and IT stakeholders.
Documentation & Governance
- Owner of network documentation, including diagrams, inventories, runbooks, and change records.
- Contribute to architecture standards, design reviews, and continuous improvement initiatives.
On-call & Travel
- Participate in an on-call rota for major incidents and perform occasional travel to sites and data centers.
Working relationships:
- Cross functional teams within technology; collaborate with infrastructure, security, and Tech teams to align network designs and configurations with security standards.
- Wider business teams: Engage with operational and business units to promote awareness of network security best practices.
- Global teams; work closely with global partners (e.g., Yum! brands) to maintain compliance with corporate standards and security policies.
- 3rd Party Partner teams: work closely with partners to maintain the security and operational integrity of the network and associated services.
WHAT WE LOVE FROM YOU:
Education/Certifications
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent practical experience).
- Cisco CCNP or higher (or equivalent).
- Cloud networking certification (e.g., Azure/AWS) highly desirable.
- Security certifications (e.g., CompTIA Security+, CySA+, or SSCP) are advantageous.
Knowledge and Expertise
- Routing & Switching: Expert knowledge of BGP, static routing, route redistribution, VLANs, trunking, STP variants, LACP/EtherChannel.
- Cloud & Modern IT: Significant knowledge of cloud networking principles, including the design and configuration of services (Azure/AWS) such as ExpressRoute, VNets, NSGs, routing tables, and security appliances.
- Networking Principles & Protocols: Expert understanding of network protocols and infrastructure such as TCP/IP, DNS, DHCP, 802.1X, SD-WAN, PKI, RADIUS, QoS, IP addressing and subnetting.
- Firewalls: Substantial understanding and experience of policy & object configuration, IPS/IDS, web filtering, application control, SSL inspection, VPNs, IPsec tunnels, HA clusters, segmentation, and NAT.
- Security Controls: Proven ability to implement and maintain robust network security measures for infrastructure, users, and devices. Skilled in configuring security policies, logging and monitoring, and integrating advanced solutions such as IDS/IPS, NAC, and network segmentation.
- Management & Monitoring: Proficient with SNMP, syslog, SIEM, and network automation, capacity planning and monitoring tools including introducing such tooling.
- Threat Landscape: Deep understanding of common networking attack vectors and defense-in-depth strategies.
- Risk & Compliance: Broad understanding of risk assessment methodologies, control frameworks (ISO 27001, NIST CSF, CIS Controls).
Skills
- Analytical & Detail-Oriented: Keen eye for anomalies; precise documentation and follow-through.
- Communication: Clear written and verbal communication—translating technical detail into business-friendly risk insights.
- Collaboration: Works well with Infrastructure, Application, and Business teams; influences without authority.
- Self-Motivation: Proactive ownership; drives tasks to completion with minimal supervision.
- Process Discipline: Organizes workload, meets deadlines, and adheres to SLAs and standards.
- Ethics & Confidentiality: Handles sensitive information with discretion and integrity.
Support and maintain KFC UK&I’s network infrastructure for 1,000+ restaurants, ensuring secure and reliable connectivity.
Responsibilities include SD-WAN, switch management, security settings, supplier coordination, troubleshooting, upgrades, performance monitoring, and compliance. Requires strong stakeholder engagement and expertise in large-scale networks.
WHAT WILL YOU SPEND YOUR TIME DOING?
Network Operations & Support
- Provide operational support for WAN, LAN, Wi-Fi solutions and cloud-based network services across the estate.
- Respond to incidents and service requests, including hybrid connectivity issues between data centers, store sites, and cloud platforms.
- Troubleshoot complex issues: routing, switching, 802.1X, Wi-Fi performance, firewall policies, and SD-WAN overlays/underlays.
- Monitor capacity, performance, and availability; proactively remediate risks and single points of failure.
- Maintain and test regular backups of network device configurations.
- Ensure backup processes are automated, tested, and stored securely in compliance with organisational policies.
- Develop and maintain disaster recovery procedures for network infrastructure, including restoration steps and failover strategies.
Configuration & Deployment
- Implement and maintain network configurations in line with organisational standards and best practices.
- Support network upgrades, migrations, and technology refresh projects across distributed environments including cloud.
- Ensure accurate configuration of network devices, including switches, firewalls, and wireless controllers, in both the physical and virtual space.
- Validate and test changes before deployment to minimise risk and ensure service continuity.
- Plan and execute pilots, phased rollouts, and post-implementation reviews across distributed sites.
Security & Compliance
- Enforce network security baselines across on-premise and cloud environments, including least privilege, segmentation, encryption, secure management, logging, and patching.
- Collaborate with the Security team on vulnerability management, incident response, and audit readiness.
- Update and maintain secure configurations in line with company policies and standards.
Supplier & Stakeholder Management
- Act as technical lead with network service providers and hardware vendors; ensure SLA adherence, capacity planning, and service improvement.
- Coordinate change windows, communications, and post-change validation with store operations and IT stakeholders.
Documentation & Governance
- Maintain accurate network diagrams, inventories, runbooks, standard operating procedures, and change records.
- Contribute to architecture standards, design reviews, and continuous improvement initiatives.
On-call
- Participate in an on-call rota for major incidents and perform occasional travel to sites and data centers.
Working relationships
- Cross functional teams within technology; collaborate with infrastructure, security, and Tech teams to align network designs and configurations with security standards.
- Wider business teams: Engage with operational and business units to promote awareness of network security best practices.
- Global teams; work closely with global partners (e.g., Yum! brands) to maintain compliance with corporate standards and security policies.
WHAT WE LOVE FROM YOU:
Education & Certifications
- Bachelor’s degree in Computer Science, Information Security, or related field (or equivalent experience).
- CCNA/CCNP or equivalent; cloud networking certification (Azure/AWS) preferred.
- Security certifications (e.g., Security+, CySA+, SSCP) a plus.
Experience
- Experience in large enterprise network engineering, ideally in retail or multi-site environments.
- Hands-on delivery and support of SD-WAN, large-scale Wi-Fi, NAC, and firewall solutions across hybrid (cloud/on-prem) environments.
- Experience managing switches, routers, firewalls, and wireless controllers across multi-vendor networks.
- Proven ability to deliver change in high-availability, mission-critical environments with minimal downtime.
- Strong vendor management experience, including SLA oversight.
Technical Knowledge
- Networking: BGP, static routing, VLANs, STP, LACP, TCP/IP, DNS, DHCP, QoS, subnetting.
- Cloud: Azure/AWS networking, including ExpressRoute, VNets, routing tables, and security services.
- Security: Firewalls (IPS/IDS, VPNs, SSL inspection, NAT, segmentation), NAC, and network security controls.
- Monitoring & Automation: SNMP, syslog, SIEM, network monitoring, automation, and capacity planning.
- Risk & Compliance: Understanding of network threats, defense-in-depth, and frameworks such as ISO 27001, NIST, and CIS.
Skills & Behaviours
- Strong analytical skills with attention to detail and documentation.
- Clear communicator, able to translate technical risk into business terms.
- Collaborative, proactive, and able to work across technical and business teams.
- Organized, self-directed, and committed to ethical handling of sensitive information.