Job Description

As a Security Operations Center Analyst, you will use defensive measures and information collected from various sources to identify, analyze, and report events that occur or within the network to protect the information, information systems, and networks from threats. You will support the Incident Response process by aiding and responding in the event of a crisis or urgent situation to mitigate immediate and potential cyber threats. As needed, you will use mitigation, preparedness, response, and recovery approaches to maximize the organization’s security.

You will work alongside our Incident Response and other Cyber Operations teams to identify and report on security incidents as they occur. In this role, you will demonstrate accountability, agility, leverage your strong security skills to engage long term projects focusing on security operations, security event monitoring, and incident response.

Global Technology Risk Management (GTRM) is the team that is ultimately responsible for the securing of McDonald’s information assets at a global level. This role works directly within GTRM, the organization responsible for our Cybersecurity Operations & Incident Response program and critical services, ensuring our leadership makes informed risk-based decisions.

We are moving fast and are adding to our best-in-class team, and joining McDonald’s means thinking big every day and preparing for a career that will impact the world. We are customer-obsessed, committed to being leaders in our industry, and believe we are better when we work together. Over the last several

years, we have launched home delivery, radically improved the digital experiences of our restaurants, introduced mobile pay, and have so much more to come. These critical initiatives require an essential capability to identify, detect, and resolve security gaps before a real-world adversary finds them.

McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer experience and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and Better McDonald’s.

RESPONSIBILITIES

The ideal candidate must have an understanding of cybersecurity practices, cloud technologies, detection and response frameworks and methodologies, and incident handling procedures (containment, eradication, recovery, and lessons learned). They must be familiar with adhering to established incident response playbooks and practices, have an intense attention to detail, and be willing to work collaboratively across multiple global multi-functional teams. The candidate must have:

• Demonstrated knowledge of computer networking concepts, protocols, and network security methodologies
• Ability to analyze cyber threats and vulnerabilities
• Capability to understand authentication, authorization, and access control methods
• Demonstrated skill in utilizing intrusion detection methodologies and techniques for detecting host and network-based intrusions
• Awareness of common system and application security threats and vulnerabilities
• Understanding of what constitutes a network attack and a network attack’s relationship to both threats and vulnerabilities
• Firm understanding of common adversarial tactics, techniques, and procedures
• An understanding of the stages of a cyber attack (e.g., reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
• Use security operations tools to monitor and analyze system activity to identify malicious activity continually
• Characterize and analyze network traffic and logs to identify anomalous activity and potential threats to McDonald’s assets
• Receive and analyze network alerts from various sources within the enterprise and determine root cause of alerts
• Assist in constructing signatures that can be implemented on defense network tools in response to new or observed threats within the network environment or enclave
• Monitor external data sources to maintain currency of cyber defense threat conditions and resolve security issues may impact the enterprise
• Provides cybersecurity recommendations to leadership based on significant threats and vulnerabilities
• Work with collaborators to resolve computer security incidents and vulnerability compliance

Qualifications

MINIMUM REQUIREMENTS

• Bachelor’s degree or equivalent experience in Computer science, cybersecurity, information technology, software engineering, information systems, or computer engineering
• 2+ years of experience working in security operations or incident response role

DESIRED SKILLS:

• Professional certification such as GIAC, GCIH, GCIA
• Experience working from Incident Response Playbooks
• Experience working with case management tools, SOAR, email security solutions, SIEM, and EDR technologies
• Experience with network/data analysis, packet capture analysis, malware detection, custom intrusion signature development, and advanced information assurance
• Experience developing automation through scripting languages such as Python

Additional Information

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.