Analyst, Application Security

Department Overview

The Global Technology organization designs, builds, and operates the platforms behind our global omni-channel experience. Within Global Technology, Global Cybersecurity Services (GCS) protects McDonald’s customers, crew, and brand by securing our digital ecosystem end-to-end.

The External Web Application and API Protection (E-WAAP) team is responsible for securing McDonald’s external web and API surfaces across web, mobile, and partner integrations using Akamai’s edge security platform (WAF, bot management, DDoS, CDN, and API security).

Duties

The Analyst, Application & API Security role is an entry-to-early-career position on the E-WAAP team. As an Analyst, you focus on monitoring, initial triage, staging validation, and operational support for Akamai security configurations, working closely with Engineers and Senior Engineers.

This role is a strong starting point for a career in application security, platform engineering, or cloud security.

Responsibilities & Accountabilities:

• Monitoring & first-line triage
• Monitor Akamai dashboards (Grafana), alerts, and logs for unusual traffic, errors, or performance issues impacting web or API properties.
• Perform first-line triage on alerts and tickets, gather context (affected application, timeframe, changes), and escalate to Engineers with clear summaries.
• Track incidents, changes, and requests in ServiceNow/Jira and ensure work items are correctly categorized and updated.
• Staging & validation
• Support staging configuration reviews by validating that URLs, headers, origins, and basic WAF/route behavior match expectations.
• Execute standard validation playbooks (e.g., test paths, error scenarios, status codes) and document results for Engineers.
• Assist with post-change and post-deployment validations in production to confirm no negative user impact.
• Data analysis & reporting
• Collect and organize metrics related to WAF activity, attack trends, false positives, performance, and coverage; help prepare recurring reports.
• Perform basic log analysis using dashboards, queries, and filters to highlight spikes, notable patterns, or anomalies.
• Documentation & process
• Maintain and update Confluence pages, runbooks, and SOPs for common tasks (validation steps, intake requirements, escalation paths).
• Help improve onboarding and intake templates used by application teams when requesting E-WAAP services.
• Participate in Agile ceremonies to stay aligned on priorities and upcoming work, capturing action items and updating tickets.

Qualifications

Basic Qualifications

• Bachelor’s degree in computer science, Information Technology, Engineering, or equivalent practical experience.
• 2-5 years of relevant experience in IT operations, support, security, or a related internship / apprenticeship.

• Basic understanding of Linux or cloud environments and basic scripting (Python, Bash, PowerShell, or similar).
• Basic Understanding of HTTP, TLS, DNS, CDN, SDK concepts, and basic web development (HTML, JavaScript, APIs).

• Basic understanding of web technologies (HTTP, browsers, simple web application behavior) and an interest in security.
• Comfort working with dashboards, logs, and ticketing tools (e.g., ServiceNow, Jira).
• Strong attention to detail, curiosity to learn, and willingness to follow structured processes and documentation.

Preferred Qualifications

• Exposure to any WAF/CDN platform (Akamai, Cloudflare, F5, etc.) through coursework, labs, internships, or self-learning.
• Experience using collaboration tools (Confluence, Jira, Teams) in a team environment.