Analyst, Penetration Testing (Cyber Security)

Job Description
Company Description:
McDonald's new growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts, we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald's will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive Thrus, through McDelivery, dine-in or takeaway.
Leading this revolution is McDonald's Global Technology organization made up of intrapreneurs who get to build really cool tech with scary smart people using the latest innovations like AI, IOT, and edge computing. We do this working along diverse, global teams who are always hungry for a challenge. It's bonus points when you get to see your family and friends use the tech you build at their favorite McD restaurant.
Job Description:
The Analyst role will be part of the Offensive Security team within Global Cyber Security and will report to the Director of Offensive Security.
We are looking for an emerging professional who has experience with web and network penetration testing.
The ideal candidate will have:

• Developed skills in ethical hacking techniques and will be familiar with examining network, endpoint, cloud, and application security attack surfaces and vulnerabilities
• Excellent communication skills, a passion for learning, leadership traits, resilience, and self-awareness
• Analysts are expected to have an advanced understanding of the various stages of a cyber-attack, such as reconnaissance, privilege escalation, persistence, and defense evasion
• Perfect role for those embarking on their career in offensive security, offering a unique opportunity to grow and make a significant impact on one of the world's most recognizable brands.

Responsibilities:

• Assist in the identification of vulnerabilities and exposures within enterprise networks, systems, and applications through guided offensive security engagements.
• Contribute to preparing technical documents, reports, and summaries from analyses to provide situational awareness to stakeholders.
• Support the exploitation of embedded systems, web and mobile apps, cloud platforms, and office and restaurant networks.
• Regularly update management and stakeholders on the progress of projects, ensuring timely and effective communication.

Experienced required:

• Exposure to penetration testing tools and techniques (e.g., nmap, Burp Suite, Impacket Suite, Bloodhound, situational awareness, etc.).
• Excellent written and verbal communication/presentation skills to describe assessment details and technical analysis.
• Proficiency in managing multiple concurrent workstreams and competing priorities.
• Work within a global/multinational enterprise with flexible schedule accommodations for meetings, engagements, and operations.
• Experience with technical writing and demonstrating various creative communication mechanisms to diverse audiences.
• Understand the purpose and utilization of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.

Qualifications:

• Bachelor's degree or equivalent technical experience in offensive/defensive cybersecurity roles.
• Professional credentials such as OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, GXPN, GRTP, CRTO, PNPT, or comparable credentials.
• Knowledge of networking and web protocols (e.g., TCP/UDP, SSL/TLS, Wi-Fi protocols, routing, HTTP/S, REST/SOAP APIs, etc.).
• Knowledge of Windows/Active Directory/Linux systems administration and attack surface.
• Proficiency with programming and scripting. (Python, PowerShell, Go, C, C++, C#, JavaScript, etc.).
• Ability to manage multiple concurrent workstreams and competing priorities.
• Exposure to global/multinational enterprises with flexible schedule accommodations for meetings, engagements, and operations.
• Competency in working with and leveraging commercial/open-source offensive security tooling, such as C2, Breach and Attack Simulations (BAS), External Attack Surface Management (EASM), and other related services.
• Exposure to managing/using enterprise defensive security services such as EDR, SIEM, Email Gateway, and SOAR.

Additional Information:
At McDonald's we are People from all Walks of Life...
People are at the heart of everything we do, and they make the McDonald's experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers. We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees and suppliers gives us strength.
We do not tolerate inequality, injustice or discrimination of any kind. These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play.
We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonald's or elsewhere."