Analyst, Penetration Testing

McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts, we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 4Ds (Delivery, Digital, Drive Thru, and Development). Our growth pillars emphasize the critical role technology plays as the best-in-class, global omni-channel restaurant brand. Technology enables the organization through digital technologies, and improving the customer, crew, and employee experience each and every day.

Leading the security of our business is the Global Cyber Security (GCS) organization made up of leading practitioners who partner with the enterprise and provide security for the next set of groundbreaking opportunities business. We take on the highest security challenges for McDonalds – driving security platforms, enabling McDonalds to do business securely, and helping continuously mature secure practices for McDonalds all while improving operational effectiveness. GCS provides access to compelling career paths for aspiring technologists. It’s bonus points when you get to see your family and friends use the tech you secure at their favorite McDonald’s restaurant.

The Analyst role will be part of the Penetration Testing team within Global Cyber Security and will work with the Director of Penetration Testing. We are looking for an emerging professional who has experience with web and network penetration testing. The ideal candidate will have developed skills in ethical hacking techniques and will be familiar with examining network, endpoint, cloud, and application security attack surfaces and vulnerabilities. We value superb communication skills, a passion for learning, leadership traits, resilience, and self-awareness. Analysts need to grasp the different steps involved in a cyber-attack, like reconnaissance, privilege escalation, persistence, and defense evasion. This role is perfect for those embarking on their career in offensive security, offering a unique opportunity to grow and make a significant impact on one of the world’s most recognizable brands.

Responsibilities

• Assist in the identification of vulnerabilities and exposures within enterprise networks, systems, and applications through guided offensive security engagements.
• Contribute to preparing technical documents, reports, and summaries from analyses to provide situational awareness to partners.
• Support the exploitation of embedded systems, web and mobile apps, cloud platforms, and office and restaurant networks.
• Regularly update management and partners on the progress of projects, ensuring timely and effective communication.

Benefits eligible: Yes

Bonus eligible: Yes

The expected salary range for this role is $98,140.00 to $125,130.00 per year

The above represents the encouraged salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.

• Exposure to penetration testing tools and techniques (e.g., nmap, Burp Suite, Impacket Suite, Bloodhound, situational awareness, etc.).
• Excellent written and verbal communication/presentation skills to describe assessment details and technical analysis.
• Proficiency in leading multiple concurrent workstreams and competing priorities.
• Work within a global/multinational enterprise with flexible schedule accommodations for meetings, engagements, and operations.
• Experience with technical writing and demonstrating various creative communication mechanisms to diverse audiences.
• Understand the purpose and utilization of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.

Desired Skills:

• Bachelor's degree or equivalent experience in offensive/defensive cybersecurity roles.
• Professional credentials such as OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, GXPN, GRTP, CRTO, PNPT, or comparable credentials.
• Knowledge of networking and web protocols (e.g., TCP/UDP, SSL/TLS, Wi-Fi protocols, routing, HTTP/S, REST/SOAP APIs, etc.).
• Knowledge of Windows/Active Directory/Linux systems administration and attack surface.
• Proficiency with programming and scripting. (Python, Powershell, Go, C, C++, C#, Javascript, etc.).
• Ability to lead multiple concurrent workstreams and competing priorities.
• Exposure to global/multinational enterprises with flexible schedule accommodations for meetings, engagements, and operations.
• Proficient in applying commercial and open-source offensive security tools like C2, BAS, and EASM.
• Exposure to leading/using enterprise defensive security services such as EDR, SIEM, Email Gateway, and SOAR.

Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO). Eligibility requirements apply to some benefits and may depend on job classification and length of employment. 

Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact [email protected]

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.