US Security Engineer

Company Description

McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. As the global leader in the food service industry, our legacy of innovation and hard work continues to drive us.
From drive thru updates to delivery to mobile order and pay, we are innovating quickly and growing. Joining McDonald’s means thinking big and preparing for a career that can have influence around the world.

At McDonald’s, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements – check them out here!

We are enjoying the flexibility of a hybrid work model, splitting our time between remote work and connecting with co-workers in our state-of-the-art headquarters. Located in the booming West Loop of downtown Chicago, it’s set up to be a global hub that cultivates collaboration:

  • Take a class at Hamburger University
  • Sample future items in our Test Kitchen
  • Utilize the latest technology to connect with your team around the globe

We are an equal opportunity employer committed to the diversity of our crew members, staff, operators, and suppliers. We promote an inclusive work environment that creates feel-good moments for everyone. We are interested in people who enhance our company culture: Does this role interest you? We encourage you to apply even if you don’t meet every single requirement!

Job Description

Interested in growing McDonald’s US restaurant technology security? We are seeking someone who is curious and interested in learning, brings strong communication and collaboration skills, and helps others grow by sharing their expertise and support. The ideal candidate will have a strong information security background including previous experience with using the MITRE ATT&CK framework as well as prior threat analysis experience. DFIR experience with Microsoft Windows Server and Client Operating Systems. SIEM or other similar log aggregation solutions including proficiency with tuning, alerting, and event analysis. Experience using Endpoint Detection and Response tools such as Sentinel One, CrowdStrike or similar. Using Nessus or Qualys scanning tools and evaluating vulnerabilities. This candidate should be well versed in the NIST Cyber Security Framework, Incident Response procedures, and vulnerability management tools. The candidate must have previous experience with PCI compliance in a merchant environment as well as strong working knowledge of network protocols, understanding of the OSI model, authentication models, and security architectures. Experience in a retail environment is preferred. Candidate must be an organized self-starter who can work independently with minimal direction.

McDonald’s Corporation has an opportunity for an Information Security Engineer on the Global Technology Infrastructure & Operations / US IT Security team.

The GTIO / US IT Security department is responsible for ensuring that restaurant technology is secure and being monitored for unauthorized activity and threats.

In this role, the Information Security Engineer will work with product owners, business owners, and security customers to monitor and action identified threats, and advise and assist with implementing risk mitigations for a wide variety of security technologies used in restaurants. Duties include, but are not limited to, monitoring, tuning, and responding to threats identified by security controls, reviewing new project initiatives for proper security controls, conducting risk assessments, and evaluating risks, as well as participating in the annual PCI assessment processes. This role will help to shape, define, design, and implement additional security controls and processes that control the integrity and availability of technology used in the restaurant environment.

  • Conduct and evaluate security risk assessments associated with restaurant technologies, documenting identified risks and vulnerability for product owners.
  • Supervise and guide annual PCI assessment, working with a Project Manager, PCI assessor and process owners to ensure that the McDonald’s cardholder environment remains secure and maintains it annual PCI-DSS certification.
  • Monitor SentinelOne in the restaurant environment, work with our service provider to actively monitor, identify and respond to threats and vulnerabilities.
  • Perform regular Nessus scans of the restaurant environment to identify vulnerabilities and work with various owners to resolve or mitigate vulnerabilities.
  • Participate in activities associated with the scope and management of restaurant penetration testing.
  • Provide subject matter support to the business and collaborate closely with managed third-party security services as it pertains to centralized security solutions that monitor endpoint devices in restaurants.
  • Evaluate SentinelOne upgrade paths/functionality and make recommendations to leadership based on applicability to restaurant technologies and appropriately layered security.
  • Evaluate security vulnerabilities and patches, advising and recommending to business leaders on applicability of patches to restaurant technologies.
  • Provide level 3 support for security alerts received from MSSP / SOC.
  • Participate in documenting technology solutions and maintaining documentation as required for compliance and risk assessment activities

Qualifications

  • Must be fully vaccinated (i.e., at least 2 weeks after last dose) for COVID-19 and, if hired, present proof of vaccination by start date.
  • 5 – 10 years IT Security
  • Bachelor’s degree – Business or IT with related experience
  • Security certification: CISSP, GSEC, CEH, or Security+
  • Excellent verbal and written communication skills
  • Experience with Payment Card Industry (PCI) Report on Compliance (ROC) process
  • Experience with SentinelOne administration (or other EDR technologies)
  • Knowledge of security scanning products (Nessus, Qualys)
  • Administrator level knowledge – Windows and Linux environments
  • Familiarity with firewall administration concepts
  • Proficiency with Microsoft Access, Word, Excel, PowerPoint, SharePoint, and Visio
  • Experience developing complex Visio diagrams
  • SEIM log aggregation
  • Security Operations Center (SOC) analyst
  • IDS/IPS, NetGen Firewall administration
  • Endpoint security administration
  • Excellent problem-solving skills and ability to focus on details
  • Technical writing and creating Visio diagrams

Additional Information

McDonald’s is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.

Job ID : REF2950I

More Information

Apply for this job

Leave your thoughts

Share this job