Senior Analyst, Cyber Defense - Threat Operations
Date: Jan 13, 2026
Location: Chicago, IL, US, 60607
Company: McDonald's Corporation
Company Description:
McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. As the global leader in the foodservice industry, our legacy of innovation and hard work continues to drive us.
From drive-thru updates to delivery to mobile order and pay, we are innovating quickly and growing. Joining McDonald's means thinking big and preparing for a career that can have influence around the world.
At McDonald’s, we see every day as a chance to create a positive impact. We lead through our values centered on inclusivity, service, integrity, community, and family. From the support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry, and the planet. We also offer outstanding benefits including a sabbatical program, tuition assistance, and flexible work arrangements.
We are an equal opportunity employer committed to the diversity of our crew members, staff, operators, and suppliers. We promote an inclusive work environment that creates feel-good moments for everyone. We are interested in people who enhance our company culture. Does this role interest you? We encourage you to apply even if you don’t meet every single requirement!
Department Overview
The Senior Analyst, Cyber Defense – Threat Operations position at McDonald's offers an outstanding chance for those eager to advance cyber defense through tactical threat intelligence and innovative initiatives. You will perform insider threat investigations and proactively identify insider risks across our global enterprise. You will lead efforts to protect our digital assets by conducting investigative threat hunts based on well-informed hypotheses. You will gather OSINT from surface, deep, and dark web sources to enhance visibility and improve response to external threats. Moreover, you will promote automation, develop detection content, and refine processes to support the Global SOC and IR teams. Join our driven team and help us build an extraordinary cyber defense strategy!
Responsibilities
· Triage alerts and events from intelligence partners while maintaining awareness of trending attacks, vectors, and emerging threats.
· Lead insider threat investigations and partner with other functions (HR, Legal, SOC, DataSec) to reduce internal exposure.
· Support the SOC with Tier III analysis and correlate telemetry across endpoint, identity, network, and cloud environments.
· Conduct proactive threat hunts grounded in clear assumptions aligned with MITRE ATT&CK.
· Publish reusable hunt notebooks and detection improvements using SPL, KQL, and Sigma.
· Train others and act as a technical lead to help upskill the team.
· Conduct OSINT and deep web intelligence operations to identify digital threats (e.g. exposed credentials, infostealers) and reduce external exposure.
· Align controls with MITRE D3FEND, author technical advisories, drive runbooks/playbooks, improve workflows, and train/upskill team members as a technical lead.
Qualifications
Candidates must have practical experience in threat hunting, tactical CTI, insider threat, and daily use of security tools and telemetry. They should be skilled in analytical methods, the intelligence cycle, and detection based on frameworks like MITRE ATT&CK and D3FEND. They need to clearly present information to both technical and non-technical groups. Familiarity with models such as ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, D3FEND, and the NIST Cybersecurity Framework is required. Knowledge of malware techniques, threat actor TTPs, and common threat terminology is critical. Experience working with intelligence-sharing groups and collaborating with SOC and IR teams is important. Candidates must show deep technical understanding of the cyber threat landscape and countermeasures. It is important that they can analyze, condense, and effectively share large amounts of information with leadership and dynamic audiences.
· Bachelor’s degree or equivalent proven experience, complemented by relevant certifications like GIAC (GCTI/GOSI/GCIA/GCED), CompTIA Security+, or EC‑Council C|TIA (or similar training).
· 4–6+ years in cybersecurity roles such as SOC, IR, CTI, and hunting, working regularly with SIEM, EDR, DLP, identity, and cloud telemetry, including 2–4 years performing internal and external threat reconnaissance.
· 3+ years of experience, with a passion for intelligence and threat hunting, operationalizing IOCs and TTPs at global enterprise scale.
· Experience working alongside global enterprise organizations and collaborating across distributed teams.
· Direct experience running Threat Intelligence Platforms (MISP, ThreatConnect, Anomali) and STIX/TAXII 2.1 data ingestion and export.
Required Skills
· Familiar with network security architecture concepts, including topology, protocols, components, and defense-in-depth principles.
· Ability to work effectively with minimal oversight in a fast-paced, fluid environment while prioritizing tasks efficiently.
· Strong team-player mentality with willingness to collaborate across a distributed team and multiple departments.
· Proficient in MITRE ATT&CK (Enterprise), investigative hunt methods, and writing threat hunting queries across platforms to build detections and playbooks.
· Hands-on experience with SIEM, XDR, EDR, integrating threat intelligence feeds, and proficiency in DLP, UEBA, UAM for detecting internal risks while collaborating with HR, Legal, and IR.
· Experienced in OSINT and dark-web investigations, emphasizing OPSEC and evidence preservation, along with scripting/automation (Python, PowerShell) for enrichment and content management.
· Strong analytical skills, multi-functional security knowledge, and ability to present publicly as a leader with a clear security viewpoint.
· High integrity, dependability, autonomy, and outstanding interpersonal communication, negotiation, and presentation skills.
Desired Qualifications
· Master’s degree or comparable professional experience.
· Prior Military/US Government all-source or cyber intelligence background.
· Familiarity with SOAR workflows and case management.
· Strong understanding of data analytics and data visualization guidelines.
· Experience using Artificial Intelligence (AI) to streamline security operations.
Compensation
Bonus Eligible: YES
Long-Term Incentive: YES
Benefits Eligible: YES
Salary Range
The expected salary range for this role is $127,332.00 - $159,165.00 per year
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience and other job-related factors.
Additional Information:
Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO). Eligibility requirements apply to some benefits and may depend on job classification and length of employment.
McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com. Reasonable accommodations will be determined on a case-by-case basis.
McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.
Nearest Major Market: Chicago