Analyst, Penetration Testing (Cyber Security)

at  McDonalds Corporation

Company Description
McDonald’s new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts, we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.
Leading this revolution is McDonald’s Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It’s bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.
Job Description
The Analyst role will be part of the Offensive Security team within Global Cyber Security and will report to the Director of Offensive Security.
We are looking for an emerging professional who has experience with web and network penetration testing.

EXPERIENCED REQUIRED:

• Exposure to penetration testing tools and techniques (e.g., nmap, Burp Suite, Impacket Suite, Bloodhound, situational awareness, etc.).
• Excellent written and verbal communication/presentation skills to describe assessment details and technical analysis.
• Proficiency in managing multiple concurrent workstreams and competing priorities.
• Work within a global/multinational enterprise with flexible schedule accommodations for meetings, engagements, and operations.
• Experience with technical writing and demonstrating various creative communication mechanisms to diverse audiences.
• Understand the purpose and utilization of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.

QUALIFICATIONS

• Bachelor’s degree or equivalent technical experience in offensive/defensive cybersecurity roles.
• Professional credentials such as OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, GXPN, GRTP, CRTO, PNPT, or comparable credentials.
• Knowledge of networking and web protocols (e.g., TCP/UDP, SSL/TLS, Wi-Fi protocols, routing, HTTP/S, REST/SOAP APIs, etc.).
• Knowledge of Windows/Active Directory/Linux systems administration and attack surface.
• Proficiency with programming and scripting. (Python, PowerShell, Go, C, C++, C#, JavaScript, etc.).
• Ability to manage multiple concurrent workstreams and competing priorities.
• Exposure to global/multinational enterprises with flexible schedule accommodations for meetings, engagements, and operations.
• Competency in working with and leveraging commercial/open-source offensive security tooling, such as C2, Breach and Attack Simulations (BAS), External Attack Surface Management (EASM), and other related services.
• Exposure to managing/using enterprise defensive security services such as EDR, SIEM, Email Gateway, and SOAR.
  Additional Information

• Assist in the identification of vulnerabilities and exposures within enterprise networks, systems, and applications through guided offensive security engagements.
• Contribute to preparing technical documents, reports, and summaries from analyses to provide situational awareness to stakeholders.
• Support the exploitation of embedded systems, web and mobile apps, cloud platforms, and office and restaurant networks.
• Regularly update management and stakeholders on the progress of projects, ensuring timely and effective communication.