Job Description

McDonald's is seeking an Analyst to join our cybersecurity team as an Application Security specialist. In this role, you will play a crucial part in ensuring that our software meets McDonald's security standards while enabling innovation to meet our customers' evolving needs. You will collaborate with multi-functional teams to understand business and technology requirements, and assist in implementing solutions aligned with global frameworks, deployment guidelines, and standards.

McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve the customer experience and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more rewarding. With all the new projects and initiatives, it is a dynamic era to be on the cybersecurity team, helping to make a safer and Better McDonald's!

Responsibilities:

• Collaborate with internal and external product and development teams to integrate security tools, standards, and processes into the Secure Software Development Lifecycle (SSDLC).
• Support front-end and back-end development teams in triaging and developing plans for remediation of application threats and vulnerabilities on a global scale.
• Coordinate efforts across global teams of application security consultants and suppliers.
• Create and maintain documentation related to coordinated security processes and controls.
• Provide recommendations on Information Security policies and define governance procedures for secure application development.
• Configure application security tools, processes, and documentation to support alignment with OWASP Top 10, Industry Standards, Current Events, and Best-Practices.
• Support the development of a technical roadmap to address the evolving threat landscape.
• Support application penetration testing, threat modeling, and vulnerability scanning initiatives.
• Stay up to date on the latest threats and share insights with the team through lunch-n-learns.

Qualifications

• Bachelor’s degree in Systems Engineering, Computer Science, Information Technology/Security, or related fields.
• Familiarity with key compliance and IT frameworks such as NIST, OWASP SAMM, PCI, GDPR, CCPA, HIPAA.
• Background/abilities in modern application development languages used in mobile and web applications.
• Experience with tooling related to static, dynamic, and composition analysis (SAST/DAST/SCA).

Desired Skills:

• Understanding of complex multinational companies and distributed business models.
• Good interpersonal skills with the ability to communicate complex technical concepts to non-technical partners.
• Proficient in technical writing and creating policies, standards, procedures, and guidelines.
• Ability to interpret and understand business needs and effectively communicate them to information security teams.
• Demonstrable ability to identify project objectives and define optimal project approaches to align security controls with program success.

Additional Information

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.