Cyber Engineer III - API Security

Apply now »

Date: May 5, 2026

Location: Mexico City, MX, 6600

Company: McDonald's Corporation

Company Description

McDonald’s growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald’s will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway. 

McDonald’s Global Technology is here to power tomorrow’s feel-good moments.  

That’s why you’ll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae-dipped fry at a time. Using AI, robotics and emerging tech, we’re digitizing the Golden Arches. Combine that with our unparalleled global scale, and we’re reshaping all areas of the business, industry and every community that is home to a McDonald’s restaurant. We face complex tech challenges every day. But that’s where our diverse and talented teams come in. They’re made up of the best and brightest from all over the globe, and they thrive in the space where feel-good meets fast-paced.

Our Global Mexico City Office will be a hub for technology innovation and operational support to help us build the solutions that will improve our customer, crew and employee experience each and every day. 

Department Overview

McDonald’s new growth strategy, Accelerating the Arches, is built on our ambition to Double Down on the 3Ds: Delivery, Digital, and Drive-Thru. Technology is at the center of this strategy, enabling 65M+ customers each day to enjoy fast, easy, and secure experiences across web, mobile, and restaurant channels.

The Global Technology organization designs, builds, and operates the platforms behind our global omni-channel experience. Within Global Technology, Global Cybersecurity Services (GCS) protects McDonald’s customers, crew, and brand by securing our digital ecosystem end-to-end.

The External Web Application and API Protection (E-WAAP) team is responsible for securing McDonald’s external web and API surfaces across web, mobile, and partner integrations using Akamai’s edge security platform (WAF, bot management, DDoS, CDN, and API security).

The Senior Engineer, Application & API Security is a key member of the E-WAAP team and serves as a technical lead for our Akamai-based web and API security platform. You will:

  • Lead onboarding of new applications and APIs onto Akamai (WAF, CDN, bot, and API security capabilities).
  • Design and tune security policies to protect against OWASP Top 10, API abuse, bots, and DDoS while preserving performance and user experience.
  • Partner with product teams, developers, and cloud teams to embed E-WAAP into CI/CD and DevSecOps workflows.

This role reports into the G5 Manager, Application & API Security (E-WAAP) and will provide coaching and technical direction to G3 Engineers and G2/G3 Analysts as we in-source capabilities from our managed services provider.

Duties

 

Responsibilities & Accountabilities:

  • Platform engineering & design
    • Lead the onboarding of new web and API workloads to Akamai, from discovery and architecture review to staging, validation, and production cutover.
    • Design and implement WAF, bot management, DDoS, and rate-limiting policies tailored to application risk profiles and business requirements.
    • Build reusable configuration patterns, templates, and reference architectures for common McDonald’s application types (e.g., marketing sites, e-commerce, APIs, partner integrations).
    • Use Akamai APIs, automation frameworks, and infrastructure-as-code (e.g., Terraform, Python, CI/CD pipelines) to manage configurations at scale.
  • Security operations & tuning
    • Lead incident triage and investigations for WAF, API, and bot-related events; coordinate containment, tuning, and long-term fixes.
    • Analyze WAF and CDN logs to identify attacks, false positives, and evasion attempts; refine policies, exception sets, and custom rules.
    • Collaborate with Security Operations, Threat Intelligence, and product security teams to map emerging threats into new or updated rulesets.
    • Drive continuous improvement in detection quality, block rates, and false-positive reduction while maintaining performance SLAs.
  • Dev & automation focus
    • Partner with developers to integrate Akamai security checks into CI/CD (e.g., automated policy promotions, pre-prod validation jobs, automated regression checks).
    • Develop internal tools and scripts (Python, Bash, TypeScript, etc.) to streamline common workflows (policy cloning, bulk updates, configuration linting).
    • Provide technical requirements and guidance into product roadmaps for observability, logging, and security analytics.
  • Governance, metrics, and leadership
    • Own platform health and risk metrics (coverage, rule adoption, false positives, incident volume, MTTR) and present them regularly to leadership and stakeholders.
    • Lead operational governance forums with product teams to review posture, tuning backlog, and upcoming changes.
    • Mentor and coach G3 Engineers and Analysts; provide guidance on investigations, change reviews, and documentation.
    • Contribute to and lead updates of SOPs, intake processes, runbooks, and standards for Akamai and E-WAAP.

Qualifications

  • Bachelor’s degree in computer science, Engineering, Information Technology, or equivalent experience.
  • Knowledge of Agile software development process including application of Agile techniques and delivery practices and promoting adoption of Agile methodologies to secure outcome-driven mindset in product teams.
  • Experience working with large-scale, global, high-availability platforms (CDN, edge, or cloud) where performance and latency are critical.
  • Prior experience with Akamai APIs, Terraform, or other infrastructure-as-code tools for managing Akamai configurations at scale.
  • Familiarity with SIEM/SOAR tools and log analysis for WAF and CDN events.
  • Industry certifications in security or cloud (e.g., CISSP, CCSP, GIAC, cloud provider security certifications).

Additional information
At McDonalds we are People from all Walks of Life...


People are at the heart of everything we do, and they make the McDonalds experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers. We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees, and suppliers gives us strength.

We do not tolerate inequality, injustice, or discrimination of any kind. These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play.

We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonalds or elsewhere.