Senior Security Engineer

Jobinhalt

About Restaurant Brands International

Restaurant Brands International Inc. is one of the world’s largest quick service restaurant companies with over $40 billion in annual system-wide sales and over 30,000 restaurants in more than 100 countries. RBI owns four of the world’s most prominent and iconic quick service restaurant brands – TIM HORTONS®, BURGER KING®, POPEYES®, and FIREHOUSE SUBS®. These independently operated brands have been serving their respective guests, franchisees and communities for decades. Through its Restaurant Brands for Good framework, RBI is improving sustainable outcomes related to its food, the planet, and people and communities.

The Senior Security Engineer will have a passion for managing corporate security along with a desire to relentlessly champion best practices. This role is responsible for performing all functions required to support day-to-day data security operations, supporting and maintaining a broad suite of information security infrastructure, accountable for security and networking infrastructure component availability and integrity, monitoring compliance with IT security policy, working in partnership with the SOC, and coordinating investigation and reporting of security incidents. Participate in the planning, design, installation, and maintenance of security systems in support of security policies. Work with Information Technology staff and business units to assess risk and address security issues. They will be a key contributor to the gathering and analysis of threat intelligence and conducting proactive research to analyze security weaknesses and recommend appropriate strategies. They will play a role in sourcing and implementing new security solutions to better protect the organization and as appropriate coordinate with vendors to implement security solutions.

Responsibilities And Duties

• Experience in managing highly complex, hyper-scaled multi-platform environments (servers, networks, storage, virtualization, systems monitoring and management).
• Experience in collaborating with multiple security solutions providers to run proof of concepts.
• Partner with application development and implementation/support teams to develop and implement software security strategies tailored to the specific risks facing the organization, including threat modeling and software vendor / outsourced provider best practices and recommended configurations.
• Implement, monitor, configure, and maintain security systems and tools in scope of Security team.
• Working with other members of the Information Security team, maintain a balanced application security program based on a well-defined application security framework.
• Conduct application security assessments / penetration tests and implement tools for on-demand and automated code reviews.
• Strong working knowledge of Microsoft Windows Active Directory environments, AWS, O365, VM Servers, VDI, and other enterprise-wide systems and applications.
• Contribute to the development of policies, procedures, standards
• Develop technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks.
• Manage the suite of security tools in place or to be implemented that help to monitor and maintain required security posture.
• Ensure that the company knows as much as possible, as quickly as possible about security incidents related to security infrastructure and network components.
• Ensure integration of technology that upholds the Information Security policies and standards, as well as meets business objectives
• Ability to effectively analyzing threats, including Phishing emails or other incident and working with internal IT teams to resolve this type of issues.
• Experience and have functional understanding of one or more public cloud providers and infrastructure security protections and weaknesses
• Prepare and document standard operating procedures and protocols, policies, and procedures for tools in scope of Security team.
• Technical collaboration with colleagues to consult for design and to be available for escalations and support.
• Exhibit excellence in communication, responsiveness, and attention to detail.
• maintain and manage relations with vendors and related suppliers to foster strong partnership
  
  

Skills

• 7+ years’ of work experience in Cyber Security related duties such as incident detection, response and forensics. Software Developer/Architect, Software QA, or App Security Architect.
• Experience in architecting and deploying security solutions.
• Experience with the functionality, operation and maintenance of Security related technologies and solutions (firewalls, IPS, WIDS, WAF, SIEM, DLP, RMS, vulnerability scanner, web proxy, endpoint security, etc); Network security experience is a plus.
• Proficient in at least one of the following languages: Java, .NET, Node.js, or Python.
• Understand application architectural patterns, such as MVC, Microservices, Event-driven etc. experience is a plus.
• Demonstrated business acumen and an ability to work with developers, QA personnel, DBAs, and business stakeholders to define security requirements, development practices, test scenarios, and deployment strategies.
• Knowledge and application of OWASP Top 10 in practice.
• Demonstrated experience with establishing software development policies across an a global IT organization.
• Experience working in with Agile/Scrum/Kanban methodologies.
• Demonstrated experience performing code reviews and penetration testing.
• Knowledge in IT configuration management, end point defense, log management, updates and patching, security policies, password management, risk assessment, incident response and mitigation techniques.
• Ability to interact and communicate with customers of varying levels of expertise.
• Ability to prioritize job responsibilities. Knowledge of security systems software.
• College degree in computer science, engineering, information systems, information security, or other relevant area of study.
• Preferred certifications, but not required:
• CISSP (Certified Information Systems Security Professional)
• CEH
• Security+
• OSCP, OSCE, or OSWE
  

Restaurant Brands International and all of its affiliated companies (collectively, RBI) are equal opportunity and affirmative action employers that do not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or veteran status, or any other characteristic protected by local, state, provincial or federal laws, rules, or regulations. RBI’s policy applies to all terms and conditions of employment. Accommodation is available for applicants with disabilities upon request.

50236484