Sorry, this listing is no longer accepting applications. Don’t worry, we have more awesome opportunities and internships for you.

US Security Engineer

M

McDonald's Corporation

US Security Engineer

Chicago, IL
Full Time
Paid
Similar Jobs
  • Responsibilities

    Job Description

    Interested in growing McDonald’s US restaurant technology security? We are seeking someone who is curious and interested in learning, brings strong communication and collaboration skills, and helps others grow by sharing their expertise and support. The ideal candidate will have a strong information security background including previous experience with using the MITRE ATT&CK framework as well as prior threat analysis experience. DFIR experience with Microsoft Windows Server and Client Operating Systems. SIEM or other similar log aggregation solutions including proficiency with tuning, alerting, and event analysis. Experience using Endpoint Detection and Response tools such as Sentinel One, CrowdStrike or similar. Using Nessus or Qualys scanning tools and evaluating vulnerabilities. This candidate should be well versed in the NIST Cyber Security Framework, Incident Response procedures, and vulnerability management tools. The candidate must have previous experience with PCI compliance in a merchant environment as well as strong working knowledge of network protocols, understanding of the OSI model, authentication models, and security architectures. Experience in a retail environment is preferred. Candidate must be an organized self-starter who can work independently with minimal direction.

    McDonald's Corporation has an opportunity for an Information Security Engineer on the Global Technology Infrastructure & Operations / US IT Security team.

    The GTIO / US IT Security department is responsible for ensuring that restaurant technology is secure and being monitored for unauthorized activity and threats.

    In this role, the Information Security Engineer will work with product owners, business owners, and security customers to monitor and action identified threats, and advise and assist with implementing risk mitigations for a wide variety of security technologies used in restaurants. Duties include, but are not limited to, monitoring, tuning, and responding to threats identified by security controls, reviewing new project initiatives for proper security controls, conducting risk assessments, and evaluating risks, as well as participating in the annual PCI assessment processes. This role will help to shape, define, design, and implement additional security controls and processes that control the integrity and availability of technology used in the restaurant environment.

    • Conduct and evaluate security risk assessments associated with restaurant technologies, documenting identified risks and vulnerability for product owners.
    • Supervise and guide annual PCI assessment, working with a Project Manager, PCI assessor and process owners to ensure that the McDonald’s cardholder environment remains secure and maintains it annual PCI-DSS certification.
    • Monitor SentinelOne in the restaurant environment, work with our service provider to actively monitor, identify and respond to threats and vulnerabilities.
    • Perform regular Nessus scans of the restaurant environment to identify vulnerabilities and work with various owners to resolve or mitigate vulnerabilities.
    • Participate in activities associated with the scope and management of restaurant penetration testing.
    • Provide subject matter support to the business and collaborate closely with managed third-party security services as it pertains to centralized security solutions that monitor endpoint devices in restaurants.
    • Evaluate SentinelOne upgrade paths/functionality and make recommendations to leadership based on applicability to restaurant technologies and appropriately layered security.
    • Evaluate security vulnerabilities and patches, advising and recommending to business leaders on applicability of patches to restaurant technologies.
    • Provide level 3 support for security alerts received from MSSP / SOC.
    • Participate in documenting technology solutions and maintaining documentation as required for compliance and risk assessment activities
  • Qualifications

    Qualifications

    • Must be fully vaccinated (i.e., at least 2 weeks after last dose) for COVID-19 and, if hired, present proof of vaccination by start date.
    • 5 - 10 years IT Security
    • Bachelor's degree - Business or IT with related experience
    • Security certification: CISSP, GSEC, CEH, or Security+
    • Excellent verbal and written communication skills
    • Experience with Payment Card Industry (PCI) Report on Compliance (ROC) process
    • Experience with SentinelOne administration (or other EDR technologies)
    • Knowledge of security scanning products (Nessus, Qualys)
    • Administrator level knowledge – Windows and Linux environments
    • Familiarity with firewall administration concepts
    • Proficiency with Microsoft Access, Word, Excel, PowerPoint, SharePoint, and Visio
    • Experience developing complex Visio diagrams
    • SEIM log aggregation
    • Security Operations Center (SOC) analyst
    • IDS/IPS, NetGen Firewall administration
    • Endpoint security administration
    • Excellent problem-solving skills and ability to focus on details
    • Technical writing and creating Visio diagrams

    Additional Information

    McDonald’s is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

    McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

    Nothing in this job posting or description should be construed as an offer or guarantee of employment.