Sr Analyst, Cyber Defense

As an L3 Response Analyst in the Security Operations Center (SOC), you apply defensive techniques and information from multiple sources to detect, analyze, and report cybersecurity incidents. You help protect McDonald's information assets. You support Incident Response, handle crisis situations, and reduce both immediate and potential cyber threats. Your knowledge of security operations, event monitoring, eDiscovery, forensics, and incident response is essential. This role is part of Global Cyber Security (GCS), which manages our Cybersecurity Defense & Incident Response program and critical services. It ensures leadership receives informed, risk-based insights.  

Working within the Incident Response team and coordinating with other Cyber Defense teams to identify and report on security incidents as they occur and overseeing end-to-end remediation. Activities will include triaging security events, network and endpoint analysis, malware reverse engineering, threat hunting, vulnerability-related blocking issues, and resolving security incidents from detection to remediation. As part of the Security Defense team, you will create and implement standard operating procedures, playbooks, and processes to help streamline response monitoring, investigations, and analysis research. The role works directly within GCS, the organization responsible for our Cybersecurity Defense & Incident Response program and critical services, ensuring our leadership makes informed risk-based decisions. 

The ideal candidate must have strong knowledge of cybersecurity practices, cloud platforms, detection and response systems, and all incident‑handling phases (containment, eradication, recovery, and lessons learned). They must follow and promote established incident response playbooks and procedures, work accurately, and collaborate effectively with global cross‑functional teams.

Required competencies:

• Advanced understanding of computer networking concepts, protocols, and network security methods.
• Solid experience assessing and reducing cyber threats and vulnerabilities.
• Advanced skills in authentication, authorization, and access control.
• Ability to apply and develop intrusion detection methods for host- and network-based threats.
• Strong knowledge of system and application security risks and the ability to develop and implement mitigation measures.
• Broad awareness of network attacks, related threats and vulnerabilities, and the ability to define countermeasures.
• Expertise in adversarial tactics, techniques, and procedures, with the ability to anticipate and neutralize them.
• Proficiency in eDiscovery and forensic investigations, including evidence collection, preservation, analysis, and presentation.
• Deep understanding of cyber‑attack phases and the ability to design defense strategies for each stage.
• Skill in Windows, MacOS, and/or Linux, including advanced security setup and troubleshooting.
• Experience mentoring junior analysts and supporting their skill development.
• Ability to design and implement advanced threat detection and response strategies.
• Skill in presenting detailed information and recommendations to senior management.

Responsibilities:

• Continuously monitor and analyze system activity with security operations tools to detect malicious behavior.
• Analyze network traffic and logs to identify threats to McDonald’s assets.
• Provide timely detection, identification, and analysis of potential attacks, distinguish threats from normal activity, and review tuning recommendations.
• Work with key collaborators to validate security events and support incident remediation.
• Perform event correlation for situational awareness and attack assessment.
• Conduct security operations and incident response trend analysis and reporting.
• Perform eDiscovery and forensic investigations to support incident investigations.
• Mentor analysts to support performance and growth aligned with team and organizational objectives.
• Develop and execute remediation plans based on incident response requirements.
• Support threat hunting across market networks by identifying IOCs and evidence of compromise.
• Lead and mentor junior analysts to strengthen team capability.

Minimum Requirements:

• Bachelor’s degree or equivalent experience in Computer Science, Cybersecurity, IT, Software Engineering, Information Systems, or Computer Engineering.
• 5+ years of experience in security operations or incident response, with a focus on forensic capabilities.

Desired Skills:

• Certifications such as GIAC, GCIH, GCIA, ITIL, GCFE, or GCFA.
• Familiarity with the NIST Risk Management Framework, NIST Cybersecurity Framework, and Cyber Kill Chain.
• Experience with case management platforms, SOAR, email protection, SIEM, EDR tools, and forensic tools (Autopsy, Velociraptor, Ghidra).
• Experience working with large, complex multinational organizations.
• Experience developing automation with scripting languages such as Python.

The ideal candidate must have strong knowledge of cybersecurity practices, cloud platforms, detection and response systems, and all incident‑handling phases (containment, eradication, recovery, and lessons learned). They must follow and promote established incident response playbooks and procedures, work accurately, and collaborate effectively with global cross‑functional teams.

Required competencies:

• Advanced understanding of computer networking concepts, protocols, and network security methods.
• Solid experience assessing and reducing cyber threats and vulnerabilities.
• Advanced skills in authentication, authorization, and access control.
• Ability to apply and develop intrusion detection methods for host- and network-based threats.
• Strong knowledge of system and application security risks and the ability to develop and implement mitigation measures.
• Broad awareness of network attacks, related threats and vulnerabilities, and the ability to define countermeasures.
• Expertise in adversarial tactics, techniques, and procedures, with the ability to anticipate and neutralize them.
• Proficiency in eDiscovery and forensic investigations, including evidence collection, preservation, analysis, and presentation.
• Deep understanding of cyber‑attack phases and the ability to design defense strategies for each stage.
• Skill in Windows, MacOS, and/or Linux, including advanced security setup and troubleshooting.
• Experience mentoring junior analysts and supporting their skill development.
• Ability to design and implement advanced threat detection and response strategies.
• Skill in presenting detailed information and recommendations to senior management.

Responsibilities:

• Continuously monitor and analyze system activity with security operations tools to detect malicious behavior.
• Analyze network traffic and logs to identify threats to McDonald’s assets.
• Provide timely detection, identification, and analysis of potential attacks, distinguish threats from normal activity, and review tuning recommendations.
• Work with key collaborators to validate security events and support incident remediation.
• Perform event correlation for situational awareness and attack assessment.
• Conduct security operations and incident response trend analysis and reporting.
• Perform eDiscovery and forensic investigations to support incident investigations.
• Mentor analysts to support performance and growth aligned with team and organizational objectives.
• Develop and execute remediation plans based on incident response requirements.
• Support threat hunting across market networks by identifying IOCs and evidence of compromise.
• Lead and mentor junior analysts to strengthen team capability.

Minimum Requirements:

• Bachelor’s degree or equivalent experience in Computer Science, Cybersecurity, IT, Software Engineering, Information Systems, or Computer Engineering.
• 5+ years of experience in security operations or incident response, with a focus on forensic capabilities.

Desired Skills:

• Certifications such as GIAC, GCIH, GCIA, ITIL, GCFE, or GCFA.
• Familiarity with the NIST Risk Management Framework, NIST Cybersecurity Framework, and Cyber Kill Chain.
• Experience with case management platforms, SOAR, email protection, SIEM, EDR tools, and forensic tools (Autopsy, Velociraptor, Ghidra).
• Experience working with large, complex multinational organizations.
• Experience developing automation with scripting languages such as Python.