Analyst, Cyber Defense, Detection & Response - L2

Department Overview

As an L2 Response Analyst in the Security Operations Center (SOC), you use defensive strategies and data from multiple sources to detect, analyze, and report cybersecurity incidents. You help protect McDonald's information assets. You support the Incident Response process, handle crisis situations, and reduce immediate and future cyber risks. Your skills in security operations, event monitoring, and incident handling are essential. This position is part of Global Cyber Security (GCS), which manages our Cyber Defense & Incident Response program and vital services, helping leadership make informed risk decisions.

In collaboration with the Incident Response and Cyber Defense teams, you will contribute to long-term projects that improve our security posture. Our team is expanding quickly, and joining McDonald's means embracing big ideas daily while building a career that makes a global impact. We focus deeply on customers and strive to be industry leaders.

McDonald's or equivalent experience is investing heavily in technology to drive our growth. We are looking at how to use technology to improve the customer experience and build new customer experiences. We are also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs more exciting and rewarding. With all the new projects and initiatives, it is an exciting time to be on the cybersecurity team, helping to make a safer and Better McDonald's.

Duties

• Continuously monitor and analyze system activity using security operations tools to identify malicious activity.
• Characterize and analyze network traffic and logs to identify potential threats to McDonald’s assets.
• Examine network alerts from multiple sources across the enterprise to identify their root cause.
• Provide timely detection, identification, and analysis of possible attacks and intrusions, differentiating them from benign activities.
• Collaborate with the Incident Response (IR) team, market partners, and SOC to validate security events and offer tuning feedback.
• Perform event correlation to gain situational awareness and assess the efficiency of observed attacks.
• Perform security operations along with incident response trend analysis and reporting.
• Assist in constructing signatures for defense network tools in response to new or observed threats.
• Assist in eDiscovery and Forensic investigations.
• Monitor external data sources to stay informed about cyber defense threat conditions.
• Provide cybersecurity advice to leadership based on major threats and vulnerabilities.
• Collaborate with collaborators to resolve computer security incidents and ensure vulnerability compliance.

Qualifications

The ideal candidate for this role should have a strong grasp of cybersecurity methods, cloud platforms, detection and response systems, and incident management processes (containment, eradication, recovery, and lessons learned). They should be proficient in following defined incident response playbooks and procedures, demonstrate keen attention to detail, and collaborate effectively with global cross-functional teams. The candidate must have:

• Proficiency in computer networking concepts, protocols, and network security methodologies.
• Strong capability to assess cyber threats and vulnerabilities.
• Competence in authentication, authorization, and access control methods.
• Proficiency in applying intrusion detection methodologies and techniques for detecting host and network-based intrusions.
• Comprehensive understanding of system and application security threats and weaknesses.
• In-depth knowledge of network attacks and how they relate to threats and vulnerabilities.
• Proficiency in adversarial tactics, techniques, and procedures.
• Comprehensive knowledge of the stages of a cyber attack.
• Proficiency with Windows, MacOS, and/or Linux operating systems.

Minimum Requirements

• Bachelor’s degree or equivalent experience in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering.
• 2+ years of experience working in a security operations or incident response role.

Desired Skills:

• Professional certification such as GIAC, GCIH, GCIA.
• Experience working with Incident Response Playbooks.
• Experience working with case management tools, SOAR, email security solutions, SIEM, and EDR technologies.
• Experience with network/data analysis, packet capture analysis, malware detection, custom intrusion signature development, and advanced information assurance.
• Experience developing automation through scripting languages such as Python.

Compensation

Bonus Eligible: YES

Long - Term Incentive: NO

Benefits Eligible: YES

Salary Range

The expected salary range for this role is $104,482.00 - $130,602.00 per year
 
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.