Sr. Analyst, Automation Engineer
Restaurant Brands International · Miami, FL · 2 wk ago
EngineeringFull-time
What You'll Do
- Lead security automation strategy, standards, and implementation across cloud, DevSecOps, and GRC engineering domains
- Design and implement automated controls, continuous monitoring, and evidence collection aligned to NIST, PCI, and SOX requirements
- Build and enhance secure CI/CD pipelines using GitHub and CircleCI for both traditional developers and emerging AI-enabled developer communities
- Implement Infrastructure as Code with Terraform and configuration management with Ansible to improve consistency, security, and scale
- Develop automation to improve operational security, detection, and response efficiency using platforms such as CrowdStrike, CrowdStrike SIEM, GitHub Advanced Security, Qualys, and Netskope
- Develop automation for secrets management and least-privilege identity enforcement
- Enhance observability and security telemetry pipelines to improve detection and response
- Support incident response automation, playbooks, and post-incident analysis
- Apply threat modeling and risk-based design principles to security automation solutions
- Leverage AI-assisted development, intelligent automation, and developer guardrails where appropriate to improve engineering speed and security outcomes
- Partner with Infrastructure, Cloud, Cybersecurity, and Application teams to establish reusable automation patterns and self-service capabilities
What You’ll Bring
- 3+ years of experience in DevSecOps, Security Engineering, or a related space, with a passion for building secure, scalable systems
- Strong Python skills and hands-on experience working with GitHub, CI/CD pipelines, and automation
- Experience working in AWS environments, using tools like Terraform, and building secure-by-design infrastructure and application pipelines
- A track record of automating security, compliance, or operational processes to improve efficiency and reduce risk
- Familiarity with containerization and orchestration tools like Docker and Kubernetes (EKS is a plus)
- Experience implementing application security practices (SAST, DAST, SCA) and integrating them into the development lifecycle
- Solid understanding of identity, secrets management, and modern security best practices
- Exposure to observability, logging, and security telemetry, you know how to make systems visible and actionable
- Experience with threat modeling or thinking through systems from a risk-based security perspective
- Solid understanding of security and compliance frameworks (NIST, PCI, SOX, or similar)
- Ability to collaborate across teams and influence technical decisions
- Experience securing APIs and microservices architectures