Snr Manager, Cyber Defense Detection & Response

Job Description
Company Description:
McDonald's growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald's will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.
McDonald's Global Technology is here to power tomorrow's feel-good moments.
That's why you'll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae-dipped fry at a time. Using AI, robotics and emerging tech, we're digitizing the Golden Arches. Combine that with our unparalleled global scale, and we're reshaping all areas of the business, industry and every community that is home to a McDonald's restaurant. We face complex tech challenges every day. But that's where our diverse and talented teams come in. They're made up of the best and brightest from all over the globe, and they thrive in the space where feel-good meets fast-paced.
Check out the McDonald's Global Technology Technical Blog to learn how technology and our global team are directly enabling the Accelerating the Arches strategy.
Job Description:
As the Senior Manager for the Global Security Operations Center Detection and Response Team, you will have a direct impact on the tactical implementation of incident response and security operations across McDonald's. This role involves enhancing our incident response, threat monitoring, and forensics capabilities in collaboration with cyber threat intelligence and offensive security teams. Your expertise will shape incident response strategies, playbook development, and program maturity.
Working within the GSOC Detection and Response Team you will identify and investigate intrusions, determine their cause and extent, and respond effectively. Leveraging SIEM, EDR, and email security solutions, along with threat intelligence sources, you will play a crucial role in ensuring McDonald's cybersecurity resilience. This role operates within a specialized team that responds to complex security events worldwide and conducts cyber threat hunting in multifaceted environments, utilizing various tools and techniques. The role works directly within Global Cyber Security (GCS), the organization responsible for our Cybersecurity Operations & Incident Response program and critical services, ensuring our leadership makes informed risk-based decisions.
You will work in a fast-paced and highly collaborative environment, contributing to incident response and eDiscovery/Forensics efforts, and your expertise will be instrumental in safeguarding McDonald's security in an ever-evolving threat landscape.
McDonald's is investing heavily in technology to drive our growth. We're looking at how to use technology to improve the customer experience and build new customer experiences. We're also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees' jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and Better McDonald's.
The ideal candidate:
Should possess prior experience in incident response and computer forensics, along with a demonstrated ability to collaborate effectively in the field of cyber threat intelligence. This role demands a proven track record in incident handling, including hands-on experience working within or alongside security incident investigation teams.
The candidate is expected to exhibit expertise in tracking advanced persistent threats (APTs) and targeted cybercrime threat campaigns, encompassing a comprehensive understanding of their associated Tactics, Techniques, and Procedures (TTPs) and malicious toolsets. Proficiency with a range of cybersecurity tools and a solid background in cyber security operations, security monitoring, Endpoint Detection and Response (EDR), and Security Information and Event Management (SIEM) solutions is essential for success in this role.
Within the realm of eDiscovery and Forensics, the candidate should be familiar with both Windows and Unix-based operating systems, as well as administrative tools for these platforms. Proficiency in Windows disk and memory forensics, Unix or Linux disk and memory forensics, and static and dynamic malware analysis is required. Furthermore, a deep understanding of forensic file system and memory techniques, along with mastery of widely-used toolsets such as EnCase, FTK (Forensic Toolkit), IDA Pro, or OllyDbg, constitutes a fundamental aspect of this position.
Responsibilities:

• Monitor for threats in collaboration with SOC/SIEM partners, understanding escalation criteria and thresholds.
• Mentor analysts to promote their performance and career growth in alignment with department and organizational objectives.
• Plan and execute protective measures, including policy, processes, and cybersecurity awareness.
• Develop and implement remediation plans in conjunction with incident response requirements.
• Support threat hunting efforts across market networks, identifying indicators of compromise (IOCs) and evidence of compromise.
• Identify attacker tools, tactics, and procedures to develop IOCs based on security solution output.
• Participate in the creation and dissemination of tactical threat products, such as reports and briefings.
• Provide tuning guidance to managed security providers for detection signatures.
• Collect, analyze, and provide informed assessments of technical IOCs gathered during security events to refine detection and response efforts.
• Share IOCs with the Cyber Threat Intelligence team for additional enrichment and hunting opportunities.
• Collaborate directly with the Offensive Security team to support market-level testing of emerging threats correlated with security events at McDonald's.

Desired Skills:

• Security certifications: OSCP, SANS GIAC (GREM, GCFA, GCIH), CISSP.
• Familiarity with exploitation and vulnerability analysis.
• Proficiency in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
• Network traffic and protocol analysis utilizing tools such as Wireshark.
• Applied knowledge of security controls such as authentication and identity management, security-enhanced network architectures, and application-based controls (including Windows, Unix, and network equipment).
• Strong analytic, qualitative, and quantitative reasoning skills.

Qualifications:

• Bachelor's degree or equivalent experience in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering.
• Experience in IT Security Incident Management, with a focus on global problem and incident management.
• Strong experience working with a SOC/NOC and legal operations.
• Demonstrated expertise in leading SOC Teams.
• In-depth understanding and practical application of the NIST Framework for Cybersecurity.
• Strong commitment to cybersecurity and a sense of personal accountability for the organization's security posture.

Additional Information:
McDonald's is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald's provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact [email protected] . Reasonable accommodations will be determined on a case-by-case basis.
McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.