Let’s get started
By clicking ‘Next’, I agree to the Terms of Service
and Privacy Policy
Jobs / Job page
Sr. Security Engineer image - Rise Careers
Job details

Sr. Security Engineer

Ready to make your next big professional move? Join us on our journey to achieve our big dream of building the most loved restaurant brands in the world.   

Restaurant Brands International Inc. is one of the world's largest quick service restaurant companies with nearly $45 billion in annual system-wide sales and over 32,000 restaurants in more than 120 countries and territories.

RBI owns four of the world's most prominent and iconic quick service restaurant brands – TIM HORTONS®, BURGER KING®, POPEYES®, and FIREHOUSE SUBS®. These independently operated brands have been serving their respective guests, franchisees and communities for decades. Through its Restaurant Brands for Good framework, RBI is improving sustainable outcomes related to its food, the planet, and people and communities.

RBI is committed to growing the TIM HORTONS®, BURGER KING®, POPEYES® and FIREHOUSE SUBS® brands by leveraging their respective core values, employee and franchisee relationships, and long track records of community support. Each brand benefits from the global scale and shared best practices that come from ownership by Restaurant Brands International Inc.

We are seeking a Senior Security Engineer to lead the design and implementation of robust security practices across our engineering and cloud infrastructure. This role plays a critical part in securing our development lifecycle, infrastructure, and cloud-native environments. You will be responsible for building secure pipelines, improving detection capabilities, and mentoring team members, while continuously identifying and remediating security gaps.

Role & Responsibilities:

  • Lead secure software development lifecycle (SDLC) practices across engineering teams. 
  • Design, implement, and maintain secure CI/CD pipelines, integrating tools for SAST, DAST, and dependency scanning (e.g., CodeQL, GitHub Advanced Security). 
  • Configure and maintain security in source control systems, preferably GitHub. 
  • Develop, maintain, and monitor security controls across cloud environments, with a strong preference for AWS. 
  • Configure and manage security logging and monitoring solutions, particularly SIEM tools. 
  • Guide secure infrastructure using Terraform and other Infrastructure-as-Code (IaC) tools. 
  • Ensure security in serverless environments and API-based architectures. 
  • Implement and support Zero Trust Network Architecture, working with SASE platforms and identity-based access controls. 
  • Deploy and manage DLP (Data Loss Prevention) strategies across cloud services, endpoints, and email. 
  • Build and maintain Standard Operating Procedures (SOPs) and engineering documentation, including internal guides, playbooks, and runbooks. 
  • Identify security gaps in systems, workflows, or architecture and develop actionable solutions to address them. 
  • Perform security investigations and respond to alerts; fine-tune detection rules to reduce false positives and increase detection accuracy. 
  • Build and implement automation to streamline and optimize repetitive security tasks and incident response procedures. 
  • Conduct threat modeling, risk assessments, and vulnerability management activities. 
  • Lead incident response and forensic investigations on both Windows and Linux systems. 
  • Work collaboratively with IT, DevOps, and engineering teams to drive security best practices. 
  • Guide and mentor junior team members, fostering a knowledge-sharing culture. 
  • Educate developers and engineers on OWASP Top 10 and secure coding standards. 
  • Stay current with evolving threats, tools, and techniques in cybersecurity and cloud computing. 

Qualifications:

  • 5+ years in security engineering with a strong application and cloud security background. 
  • Deep understanding of secure development practices and integrating security into the Software Development Life Cycle (SDLC). 
  • In-depth knowledge of OWASP Top 10, CWE, and secure web practices. 
  • Hands-on experience with:  
  • Code scanning tools: CodeQL, SAST/DAST, dependency scanners. 
  • CI/CD tooling: GitHub Actions, Jenkins, or similar. 
  • SIEM: Implementation and log ingestion (e.g., Splunk, ELK, or equivalent). 
  • Cloud security: AWS preferred; experience with IAM, VPCs, KMS, and other AWS services. 
  • Proven experience designing and implementing Zero Trust architectures and working with SASE platforms (e.g., Zscaler, Netskope, or Prisma Access). 
  • Strong experience with DLP solutions across endpoints, cloud, and messaging platforms. 
  • Strong grasp of networking protocols, TLS, DNS, HTTP, and web application architectures. 
  • Strong experience with both Linux and Windows environments. 
  • Experience with email security (e.g., DMARC, SPF, DKIM, phishing detection). 
  • Ability to create and maintain technical documentation, SOPs, playbooks, and automation scripts. 
  • Proficiency in scripting or programming languages (Python, Bash, JS, etc.). 
  • Familiarity with bug bounty platforms or responsible disclosure programs. 
  • Experience with security frameworks like Zero Trust, NIST 800-207, or ISO 27001. 
  • Infrastructure as Code: Terraform (primary), CloudFormation or others. 
  • Containers and orchestration: Docker, Kubernetes, including RBAC, pod security policies, etc. 
  • Serverless architectures: AWS Lambda or similar. 

Benefits at all of our global offices are focused on physical, mental and financial wellness. We offer unique and progressive benefits, including a comprehensive global paid parental leave program that supports employees as they expand their families, free telemedicine and mental wellness support.

Restaurant Brands International and all of its affiliated companies (collectively, RBI) are equal opportunity and affirmative action employers that do not discriminate on the basis of race, national origin, religion, age, color, sex, sexual orientation, gender identity, disability, or veteran status, or any other characteristic protected by local, state, provincial or federal laws, rules, or regulations. RBI's policy applies to all terms and conditions of employment. Accommodation is available for applicants with disabilities upon request.

Average salary estimate

$115000 / YEARLY (est.)
min
max
$100000K
$130000K

If an employer mentions a salary or salary range on their job, we display it as an "Employer Estimate". If a job has no salary data, Rise displays an estimate if available.

What You Should Know About Sr. Security Engineer, RBI (VA)

Ready to make your next big professional move? Join Restaurant Brands International Inc. as a Senior Security Engineer at our Miami Corporate Office, where we’re on a journey to build the world’s most loved restaurant brands. RBI encompasses iconic names like TIM HORTONS®, BURGER KING®, POPEYES®, and FIREHOUSE SUBS®, and we're looking for an experienced individual to lead the charge in implementing robust security practices. As a Senior Security Engineer, you'll play a pivotal role in securing our development lifecycle and cloud infrastructure, ensuring everything from building secure pipelines to conducting thorough security investigations. You'll be hands-on with tools like CodeQL and SIEM technologies, while also mentoring fellow team members and fostering a culture of security awareness. What makes this role exciting is that you won't just be identifying security gaps but actively working on actionable solutions while collaborating closely with IT and engineering teams. With a commitment to continuous improvement, you'll help us stay current with evolving cybersecurity threats. If you're someone who is passionate about creating secure environments and enjoys working with a variety of technologies in a fast-paced, supportive setting, we want to hear from you!

Frequently Asked Questions (FAQs) for Sr. Security Engineer Role at RBI (VA)
What are the responsibilities of a Senior Security Engineer at Restaurant Brands International?

A Senior Security Engineer at Restaurant Brands International is tasked with leading secure software development lifecycle practices, designing and implementing secure CI/CD pipelines, and maintaining security controls across cloud environments, primarily AWS. You'll also perform security investigations, educate teams on secure practices, and continuously identify and address security gaps to ensure robust defense mechanisms across all systems.

Join Rise to see the full answer
What qualifications are needed to be a Senior Security Engineer at RBI?

To qualify as a Senior Security Engineer at Restaurant Brands International, candidates should have at least 5 years in security engineering, with extensive knowledge of secure development practices and cloud security. Familiarity with tools like Docker, Terraform, and various coding and scripting languages is essential. Experience in designing Zero Trust architectures and leading incident responses also plays a critical role in this position.

Join Rise to see the full answer
What specific tools will a Senior Security Engineer use at Restaurant Brands International?

As a Senior Security Engineer at Restaurant Brands International, you will use a range of tools including CodeQL for code scanning, CI/CD tools like GitHub Actions for pipelines, and various SIEM systems for security monitoring. Your role may also necessitate the use of DLP solutions and knowledge of cloud services such as AWS, along with container orchestration technologies like Docker and Kubernetes.

Join Rise to see the full answer
How does a Senior Security Engineer at RBI contribute to the company's culture?

A Senior Security Engineer at Restaurant Brands International contributes to the company culture by fostering collaboration between IT and engineering teams, mentoring junior members, and encouraging a proactive approach to security. By educating others on secure coding standards and developing playbooks and SOPs, you'll help create a culture that prioritizes security awareness across all departments.

Join Rise to see the full answer
What are the career advancement opportunities for a Senior Security Engineer at RBI?

Career advancement opportunities for a Senior Security Engineer at Restaurant Brands International include potential leadership roles in security architecture, infrastructure security, or even strategic positions like Chief Information Security Officer. Continuous learning through professional development programs and staying updated on industry standards will also help pave the way for future roles.

Join Rise to see the full answer
Common Interview Questions for Sr. Security Engineer
Can you explain the secure software development lifecycle (SDLC)?

In an interview, it's important to highlight how the secure SDLC incorporates security practices at every stage, from requirements gathering to design, implementation, testing, deployment, and maintenance. Emphasize the tools and methodologies you use, such as threat modeling and security reviews, to ensure that security is integrated seamlessly into the development process.

Join Rise to see the full answer
How would you implement a Zero Trust architecture in our environment?

When discussing Zero Trust, explain the principles of never trusting any device or user by default. You could describe how you'd implement identity-based access controls and segmentation to ensure that every request for resources is authenticated and authorized, using technologies that support Zero Trust, such as SASE or SIEM tools.

Join Rise to see the full answer
What is your experience with AWS security services?

Highlight specific AWS services you have worked with, such as IAM, VPCs, KMS, and CloudTrail. Discuss how you’ve configured these services for optimal security, your approach to monitoring and logging, and any successful projects where AWS security features significantly mitigated risk.

Join Rise to see the full answer
Describe a time you identified and remediated a security gap.

Use the STAR method to describe a specific instance where you pinpointed a vulnerability. Walk through the steps taken to analyze the risk, the solution you implemented, and how this prevented further issues, showcasing your proactive approach to problem-solving.

Join Rise to see the full answer
What strategies do you use for incident response?

In your answer, outline your methodology for incident response, including preparation, detection, containment, eradication, recovery, and lessons learned. Highlight your experience in leading forensic investigations and how you communicate findings to stakeholders.

Join Rise to see the full answer
What tools do you prefer for code security scanning?

Discuss the specific tools such as CodeQL, SAST, and DAST that you have experience with. Talk about why you prefer certain tools based on project needs, their strengths in spotting vulnerabilities, and how you've integrated these tools into the CI/CD pipeline.

Join Rise to see the full answer
How do you stay current with cyber security trends and vulnerabilities?

Mention specific online resources, communities, or courses that you follow regularly. Highlight how engaging with forums, attending conferences, or continuous education helps enhance your knowledge and equips you with innovative approaches to security challenges.

Join Rise to see the full answer
Can you explain your experience with Data Loss Prevention (DLP) strategies?

Provide examples of DLP solutions you've implemented, including configuration and monitoring aspects. Explain how you ensured compliance and reduced risks related to sensitive data through effective policies and technology.

Join Rise to see the full answer
How would you educate developers about secure coding standards?

Discuss your approach to training developers on secure coding practices, such as hosting workshops, developing clear instructional materials, or using practical examples. Emphasize the importance of continuous learning and engagement in fostering a security-first mindset.

Join Rise to see the full answer
How do you assess the security posture of an organization?

Explain the processes you typically undertake, including risk assessments, vulnerability scans, and penetration tests. Share any frameworks you follow, such as NIST or ISO 27001, and how you use the results to prioritize improvements.

Join Rise to see the full answer
Similar Jobs
Photo of the Rise User
RBI (VA) Hybrid Corp - Miami Corporate Office
Posted 2 days ago

Take the lead in shaping global food safety strategies for one of the largest quick service restaurant companies in the world.

Photo of the Rise User

Join Restaurant Brands International as a Sr. Financial Analyst to drive financial insights and budget management for iconic restaurant brands.

Photo of the Rise User

Join Peraton as a Wireless Network Administrator and support critical operations for U.S. Special Operations Command.

Photo of the Rise User
Posted 12 days ago

As a Senior Site Reliability Engineer, you will enhance our payment solutions' reliability and security in a fast-paced environment.

Photo of the Rise User
Posted 9 days ago
Photo of the Rise User
American Express Remote Phoenix, Arizona, United States
Posted 9 days ago
Inclusive & Diverse
Empathetic
Collaboration over Competition
Growth & Learning
Transparent & Candid
Medical Insurance
Dental Insurance
Mental Health Resources
Life insurance
Disability Insurance
Child Care stipend
Employee Resource Groups
Learning & Development

Step into the role of Service Assurance Engineer at American Express, where you can shape the technology landscape while ensuring exceptional customer experiences.

Posted 9 days ago

Join CACI as an Information Systems Security Officer (ISSO) and play a crucial role in protecting national security through advanced cybersecurity measures.

Photo of the Rise User
Posted 14 days ago

Join Visa's Cyber Security team as a Senior Cybersecurity Engineer specializing in IAM processes and AI integration.

Photo of the Rise User

As an HPC Application Designer, you will design and support system software for the Research Computing Center at Florida State University.

Photo of the Rise User
KIHOMAC Hybrid No location specified
Posted 7 days ago

We are looking for a skilled SolarWinds Application Engineer to maintain and support critical network monitoring applications.

MATCH
Calculating your matching score...
FUNDING
SENIORITY LEVEL REQUIREMENT
TEAM SIZE
No info
EMPLOYMENT TYPE
Full-time, on-site
DATE POSTED
April 11, 2025

Subscribe to Rise newsletter

Risa star 🔮 Hi, I'm Risa! Your AI
Career Copilot
Want to see a list of jobs tailored to
you, just ask me below!
LATEST ACTIVITY
F
Someone from OH, Oxford just viewed Supply Chain Intern at Fortune Brands
Photo of the Rise User
8 people applied to Director, CyberSecurity at Visa
Photo of the Rise User
Someone from OH, Cincinnati just viewed Student Programs Coordinator at University of South Florida
Photo of the Rise User
Someone from OH, Columbiana just viewed Talent Relations Specialist at 3Pillar
Photo of the Rise User
Someone from OH, North Ridgeville just viewed Product Operations Manager at Athennian
Photo of the Rise User
64 people applied to SOC Analyst I at Epsilon
Photo of the Rise User
Someone from OH, Toledo just viewed Sr. Writer and Training Specialist at Zero to Three
Photo of the Rise User
Someone from OH, Oxford just viewed Sr. Staff, Security Research (Risk Management) at Zscaler
Photo of the Rise User
7 people applied to Salesforce Administrator at AHEAD
C
10 people applied to ISSE/ ISSO at Centuria
Photo of the Rise User
68 people applied to Cybersecurity Intern at Dewberry
Photo of the Rise User
Someone from OH, Columbus just viewed Credentialing Analyst at Experian
S
Someone from OH, Cincinnati just viewed Director, Logistics & Operations at Starface World
Photo of the Rise User
Someone from OH, Westlake just viewed Senior Data Engineer - (Remote) at Jobgether
K
Someone from OH, Lima just viewed Talent Operations Associate at Kinaxis Inc.
Photo of the Rise User
Someone from OH, Delaware just viewed Quality Engineer, Call Intelligence (Contract) at Replicant
Photo of the Rise User
Someone from OH, Lima just viewed Trainee Recruitment Consultant at Gi Group Holding
Photo of the Rise User
Someone from OH, Lima just viewed Associate Talent Development Partner at Niche
Photo of the Rise User
Someone from OH, Lima just viewed Talent Acquisition Coordinator at Clio
Photo of the Rise User
Someone from OH, Lima just viewed Remote Tax Professional at H&R Block
Photo of the Rise User
Someone from OH, Lima just viewed Senior SMB Client Onboarding Partner at H&R Block