Job Description

Ready to make your next big professional move? Join us on our journey to achieve our big dream of building the most loved restaurant brands in the world. Restaurant Brands International Inc. is one of the world's largest quick service restaurant companies, with nearly $45 billion in annual system-wide sales and over 32,000 restaurants in more than 120 countries and territories. RBI owns four of the world's most prominent and iconic quick service restaurant brands – TIM HORTONS, BURGER KING, POPEYES, and FIREHOUSE SUBS. These independently operated brands have been serving their respective guests, franchisees, and communities for decades. Through its Restaurant Brands for Good framework, RBI is committed to improving sustainable outcomes related to its food, the planet, and its people and communities. RBI is focused on growing the TIM HORTONS, BURGER KING, POPEYES, and FIREHOUSE SUBS brands by leveraging their core values, employee and franchisee relationships, and long-standing community support. Each brand benefits from global scale and shared best practices through ownership by Restaurant Brands International Inc. We are seeking a Senior Engineer to lead the design and implementation of robust security practices across our engineering and cloud infrastructure. This role is crucial in securing our development lifecycle, infrastructure, and cloud-native environments. Responsibilities include building secure pipelines, enhancing detection capabilities, mentoring team members, and continuously identifying and remediating security gaps. Role & Responsibilities: Lead secure software development lifecycle (SDLC) practices across engineering teams. Design, implement, and maintain secure CI/CD pipelines, integrating tools for SAST, DAST, and dependency scanning (e.g., CodeQL, GitHub Advanced Security). Configure and maintain security in source control systems, preferably GitHub. Develop, maintain, and monitor security controls across cloud environments, with a focus on AWS. Configure and manage security logging and monitoring solutions, particularly SIEM tools. Guide secure infrastructure using Terraform and other Infrastructure-as-Code (IaC) tools. Ensure security in serverless environments and API-based architectures. Implement and support Zero Trust Network Architecture, working with SASE platforms and identity-based access controls. Deploy and manage Data Loss Prevention (DLP) strategies across cloud services, endpoints, and email. Build and maintain Standard Operating Procedures (SOPs) and engineering documentation, including internal guides, playbooks, and runbooks. Identify security gaps in systems, workflows, or architecture and develop actionable solutions. Perform security investigations and respond to alerts; fine-tune detection rules to reduce false positives and increase detection accuracy. Build and implement automation to streamline security tasks and incident response procedures. Conduct threat modeling, risk assessments, and vulnerability management activities. Lead incident response and forensic investigations on Windows and Linux systems. Collaborate with IT, DevOps, and engineering teams to promote security best practices. Guide and mentor junior team members, fostering a knowledge-sharing culture. Educate developers and engineers on OWASP Top 10 and secure coding standards. Stay current with evolving cybersecurity threats, tools, and techniques in cloud computing. Qualifications: 5+ years of experience in security engineering with a strong background in application and cloud security. Deep understanding of secure development practices and integrating security into the SDLC. Knowledge of OWASP Top 10, CWE, and secure web practices. Hands-on experience with: Code scanning tools: CodeQL, SAST/DAST, dependency scanners. CI/CD tools: GitHub Actions, Jenkins, or similar. SIEM systems: Splunk, ELK, or equivalent. Cloud security, especially AWS: IAM, VPCs, KMS, and related services. Designing and implementing Zero Trust architectures and working with SASE platforms. Experience with DLP solutions across endpoints, cloud, and messaging platforms. Strong knowledge of networking protocols, TLS, DNS, and web app architectures. Experience with both Linux and Windows environments. Knowledge of email security protocols such as DMARC, SPF, DKIM, and phishing detection. Ability to create and maintain technical documentation, SOPs, and automation scripts. Proficiency in scripting languages like Python, Bash, or JavaScript. Experience with bug bounty platforms or responsible disclosure programs. Familiarity with security frameworks like Zero Trust, NIST 800-207, or ISO 27001. Infrastructure as Code: Terraform (primary), CloudFormation, or others. Comfortable with on-call rotations. Experience with containers and orchestration: Docker, Kubernetes, including RBAC and security policies. Experience with serverless architectures such as AWS Lambda. We offer comprehensive benefits focusing on physical, mental, and financial wellness, including global paid parental leave, telemedicine, and mental health support. Restaurant Brands International is an equal opportunity employer, committed to diversity and inclusion. Accommodations are available for applicants with disabilities upon request. #J-18808-Ljbffr Restaurant Brands International

Job Tags

Similar Jobs