Director, Incident Response, Cyber Defense

Department Overview

The Director of Incident Response is the senior technical authority for McDonald’s global cybersecurity incidents. This role leads response to the most critical events while shaping the enterprise’s long-term incident response strategy.

You will design and evolve scalable frameworks that combine detection engineering, forensics, threat intelligence, and automation to strengthen resilience. Beyond containment and recovery, you’ll translate emerging threats into proactive defense strategies and advise executives during crises.

Collaboration is key, working with Threat Operations, Penetration Testing, Detection Engineering, and business collaborators to improve enterprise-wide readiness. You’ll also mentor security analysts, sharing technical expertise and building the next generation of responders.

This role necessitates exhibited expertise in intricate investigations, good judgment in fast-paced circumstances, and the capability to impact across a global, matrixed environment. It is a pinnacle technical position within the Detection & Response program, offering broad impact without direct people management responsibilities.

Responsibilities & Accountabilities

• Serve as the lead responder and technical authority for global crisis-level cybersecurity incidents, coordinating across executive, legal, and operational teams.
• Architect and optimize detection and containment strategies that align to business operations and risk tolerance.
• Develop detection logic, automation workflows, and forensic capabilities to accelerate MTTD and MTTR across distributed environments.
• Author and present high-impact executive-level incident reports and technical debriefs.
• Lead efforts to harden enterprise resilience by embedding lessons learned from incidents into architecture, policies, and controls.
• Champion training, mentoring, and upskilling of existing team members by building structured career pathways, facilitating cross-team knowledge sharing, and guiding analysts toward advanced technical and leadership roles.

Qualifications

The ideal candidate for this role is a recognized subject matter authority in incident response with a demonstrated ability to lead complex, enterprise-wide security investigations. You bring deep technical expertise, critical thinking, and operational excellence to the table. You are fluent in modern adversary tradecraft, and your insights directly influence global cyber defense strategy. The candidate must have:

• Proven expertise in conducting and directing advanced investigations involving APTs, insider threats, malware outbreaks, and zero-day exploitation across hybrid environments (on-prem/cloud).
• Proficiency in core security fields such as digital forensics (host and memory), malware reverse engineering, adversary simulation, and advanced threat detection.
• Outstanding communication and storytelling skills—capable of distilling intricate technical situations for senior, legal, and business management.
• Experience leading cross-functional incident postmortems, driving remediation roadmaps, and advancing organizational readiness through simulations, playbooks, and tabletop exercises.
• Ability to drive continuous improvement by evaluating emerging technologies, evolving adversary tactics, and integrating new intelligence into response playbooks.

Minimum Requirements

• Bachelor’s degree in Computer Science, Cybersecurity, Information Technology, or a related discipline—or equivalent hands-on experience in critical environments.
• 12+ years of proven experience in cybersecurity with a minimum of 7 years in senior-level incident response roles, including crisis-level incident handling and enterprise forensics.

Desired Skills:

• Advanced security certifications such as CISSP, OSCE, GCFA, GNFA, GREM, or GCTI.
• Experience architecting scalable IR capabilities or transforming incident response programs across large, globally distributed enterprises.
• Strong understanding of legal and regulatory requirements surrounding data breach handling, eDiscovery, and evidence preservation (e.g., GDPR, PCI-DSS, CCPA).
• Fluency in threat intelligence integration and proactive threat hunting workflows across multiple telemetry sources.
• Experience supporting executive-level briefings during high-profile or media-sensitive incidents.
• Prior involvement in red/blue/purple team partnership or adversary emulation planning.
• Experience building, mentoring, and scaling high-performing security teams, with a focus on knowledge transfer and professional development.
• Familiarity with cloud-native security architectures (AWS, Azure, GCP) and incident response in containerized or serverless environments.

Compensation

Bonus Eligible: Yes

Long - Term Incentive: Yes

Benefits Eligible: Yes

Salary Range

The expected salary range for this role is $168,350.00 - $218,860.00 per year
 
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.