Sr. Analyst, Automation Engineer

About The Position

Requirements

• 3+ years of experience in DevSecOps, Security Engineering, or a related space, with a passion for building secure, scalable systems
• Strong Python skills and hands-on experience working with GitHub, CI/CD pipelines, and automation
• Experience working in AWS environments, using tools like Terraform, and building secure-by-design infrastructure and application pipelines
• A track record of automating security, compliance, or operational processes to improve efficiency and reduce risk
• Familiarity with containerization and orchestration tools like Docker and Kubernetes (EKS is a plus)
• Experience implementing application security practices (SAST, DAST, SCA) and integrating them into the development lifecycle
• Solid understanding of identity, secrets management, and modern security best practices
• Exposure to observability, logging, and security telemetry
• Experience with threat modeling or thinking through systems from a risk-based security perspective
• Working knowledge of security and compliance frameworks (NIST, PCI, SOX, or similar)
• Ability to collaborate across teams and influence technical decisions
• Experience securing APIs and microservices architectures

Nice To Haves

• Industry certifications like AWS Security Specialty, CISSP, CISM, or CKS
• Experience with tools like Ansible, policy-as-code frameworks, or SOAR platforms
• Familiarity with security tools such as GitHub Advanced Security, CrowdStrike, Qualys, Netskope, or similar
• Interest or experience in applying AI/ML or GenAI to security, automation, or engineering productivity
• Background in fast-paced, distributed environments like QSR, retail, or franchise organizations
• Additional certifications in cloud, security, or DevSecOps

Responsibilities

• Lead security automation strategy, standards, and implementation across cloud, DevSecOps, and GRC engineering domains
• Design and implement automated controls, continuous monitoring, and evidence collection aligned to NIST, PCI, and SOX requirements
• Build and enhance secure CI/CD pipelines using GitHub and CircleCI for both traditional developers and emerging AI-enabled developer communities
• Implement Infrastructure as Code with Terraform and configuration management with Ansible to improve consistency, security, and scale
• Develop automation to improve operational security, detection, and response efficiency using platforms such as CrowdStrike, CrowdStrike SIEM, GitHub Advanced Security, Qualys, and Netskope
• Design and implement container and Kubernetes (EKS) security controls including image scanning and runtime protection
• Integrate application security testing (SAST, DAST, SCA, secrets scanning) into CI/CD pipelines
• Develop automation for secrets management and least-privilege identity enforcement
• Enhance observability and security telemetry pipelines to improve detection and response
• Support incident response automation, playbooks, and post-incident analysis
• Apply threat modeling and risk-based design principles to security automation solutions
• Integrate security findings, policy checks, code scanning, vulnerability data, and cloud controls into orchestrated engineering workflows
• Leverage AI-assisted development, intelligent automation, and developer guardrails where appropriate to improve engineering speed and security outcomes
• Partner with Infrastructure, Cloud, Cybersecurity, and Application teams to establish reusable automation patterns and self-service capabilities

Benefits

• Unique and progressive benefits
• Comprehensive global paid parental leave program that supports employees as they expand their families
• Free telemedicine
• Mental wellness support