Jobs2Careers logoHome
Turn Job Alerts On
McDonald's Hero
McDonald's Logo
McDonald's
Chicago,IL
$209,207/yr
New

Description

Company Description:McDonald's growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni‑channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald's will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing drive‑thrus, through McDelivery, dine‑in or takeaway.McDonald's Global Technology is here to power tomorrow's feel‑good moments.That's why you'll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae‑dipped fry at a time. Using AI, robotics and emerging tech, we're digitizing the Golden Arches. Combine that with our unparalleled global scale, and we're reshaping all areas of the business, industry and every community that is home to a McDonald's restaurant. We face complex tech challenges every day. But that's where our diverse and talented teams come in. They're made up of the best and brightest from all over the globe, and they thrive in the space where feel‑good meets fast‑paced.Check out the McDonald's Global Technology Technical Blog to learn how technology and our global team are directly enabling the Accelerating the Arches strategy.Department OverviewAs Senior Manager, Offensive Security, you will lead a global team of penetration testers and red team operators responsible for proactively identifying, validating, and communicating real‑world security risks across McDonald's enterprise. Reporting directly to the Director, Threat Operations & Offensive Security, you are the primary people leader on the offensive security side of the organization — managing all individual contributors across the United States and United Kingdom.This role is both strategic and deeply technical. You will own the day‑to‑day operations of offensive security services while simultaneously bridging the gap between highly technical hackers and senior executive leadership. You will be responsible for assessment planning and scheduling, stakeholder and customer relationship management, operational delivery, and communicating risk‑based outcomes to audiences ranging from engineering teams to the CIO and CISO.You will partner closely with Incident Response, Detection Engineering, Security Operations (GSOC), Threat Operations, and Technology Risk partners to execute Purple Team exercises and cross‑domain engagements that continuously strengthen McDonald's detection and response capabilities. This role sits within Global Cyber Security (GCS), the organization responsible for securing McDonald's information assets at a global level and ensuring our leadership makes informed, risk‑based decisions.ResponsibilitiesOperational Leadership & Service DeliveryOwn day‑to‑day operations of McDonald's Offensive Security program, including intake management, assessment scheduling, scoping, rules of engagement, execution oversight, and reportingManage complex, concurrent testing engagements across cloud, network, infrastructure, hardware, application, mobile, and SaaS environmentsServe as the primary customer‑facing point of contact for internal stakeholdersRed Team & Adversary EmulationPlan and execute Red Team operations, adversary simulations, and adversary emulation exercises informed by real‑world threat intelligence and the MITRE ATT&CK frameworkDesign and lead custom Cyber Defense Exercises (CDX), tabletop simulations, social engineering campaigns, and physical security assessmentsExecutive Communication & MetricsTranslate complex technical findings into actionable, risk‑ranked business impact assessments for executive leadership, including CIO and CISO audiencesDevelop, measure, and track metrics and KPIs to assess the performance, effectiveness, and business value of offensive security operationsProduce high‑quality technical reports, executive summaries, findings documentation, and remediation recommendationsPeople Leadership & Team DevelopmentServe as the people leader for all offensive security individual contributors (penetration testers, red team operators, offensive security analysts) across the US and UKProvide hands‑on technical guidance and mentorship — able to work side‑by‑side with the team on complex assessments while coaching junior and senior analysts alikeStrategy & Program DevelopmentSupport the Director in defining and executing the offensive security strategy, roadmap, and program objectives aligned to enterprise risk prioritiesCollaborate cross‑functionally with different teams to ensure offensive findings feed into unified remediation pipelinesQualifications8+ years of experience in offensive security, penetration testing, red teaming, or ethical hacking4+ years of direct people leadership experience managing technical cybersecurity teams3+ years of experience managing complex, global projects and initiatives across multiple regionsExpert‑level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and MITRE ATT&CK frameworkExtensive hands‑on experience across multiple testing disciplines: application, cloud, network, infrastructure, hardware, and mobile penetration testingDemonstrated ability to lead teams through all stages of a cyber‑attack lifecycle (reconnaissance, scanning, enumeration, gaining access, privilege escalation, maintaining access, network exploitation, and covering tracks)Qualified to mentor analysts in examining system and application security threats and vulnerabilities (e.g., buffer overflow, cross‑site scripting, SQL injection, race conditions, return‑oriented attacks, malicious code)Proven ability to operate with minimal oversight, make quick and effective decisions, and navigate ambiguity in fast‑paced, deadline‑driven environmentsMastery of commercial and open‑source offensive security tools and frameworksDesired SkillsProfessional certifications such as OSCP, OSCE, GXPN, GCPN, GCDA, GPEN, GWAPT, CRTO, CEH, or equivalentExpert understanding of cloud security architectures (Azure, AWS, GCP) and modern application/API security testingExperience with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver), BAS platforms (e.g., SafeBreach), and EASM toolsExperience managing vulnerability disclosure programs (VDP), bug bounty programs, or coordinated disclosure processesStrong understanding of SIEM/SOAR platforms, detection engineering workflows, and how offensive findings integrate with defensive operationsExperience managing MSSP relationships, vendor SOWs, and hybrid delivery models for offensive security servicesCompensationBonus Eligible: YESLong‑Term Incentive: YESBenefits Eligible: YESSalary RangeThe expected salary range for this role is $167,366.00 – $209,207.00 per year.The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience and other job‑related factors.Additional InformationBenefits eligible: This position offers health and welfare benefits, including but not limited to comprehensive health insurance, which includes medical, prescription drug, mental health, dental and vision coverage, as well as life insurance.Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.Long‑term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald's long‑term incentive plan.McDonald's is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel‑good moments for everyone. McDonald's provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com. Reasonable accommodations will be determined on a case‑by‑case basis.McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.Nothing in this job posting or description should be construed as an offer or guarantee of employment.#J-18808-Ljbffr

Turn Job Alerts On
McDonald's Hero
McDonald's Logo
McDonald's
Chicago,IL
$209,207/yr
New

Description

Company Description:McDonald's growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni‑channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald's will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing drive‑thrus, through McDelivery, dine‑in or takeaway.McDonald's Global Technology is here to power tomorrow's feel‑good moments.That's why you'll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae‑dipped fry at a time. Using AI, robotics and emerging tech, we're digitizing the Golden Arches. Combine that with our unparalleled global scale, and we're reshaping all areas of the business, industry and every community that is home to a McDonald's restaurant. We face complex tech challenges every day. But that's where our diverse and talented teams come in. They're made up of the best and brightest from all over the globe, and they thrive in the space where feel‑good meets fast‑paced.Check out the McDonald's Global Technology Technical Blog to learn how technology and our global team are directly enabling the Accelerating the Arches strategy.Department OverviewAs Senior Manager, Offensive Security, you will lead a global team of penetration testers and red team operators responsible for proactively identifying, validating, and communicating real‑world security risks across McDonald's enterprise. Reporting directly to the Director, Threat Operations & Offensive Security, you are the primary people leader on the offensive security side of the organization — managing all individual contributors across the United States and United Kingdom.This role is both strategic and deeply technical. You will own the day‑to‑day operations of offensive security services while simultaneously bridging the gap between highly technical hackers and senior executive leadership. You will be responsible for assessment planning and scheduling, stakeholder and customer relationship management, operational delivery, and communicating risk‑based outcomes to audiences ranging from engineering teams to the CIO and CISO.You will partner closely with Incident Response, Detection Engineering, Security Operations (GSOC), Threat Operations, and Technology Risk partners to execute Purple Team exercises and cross‑domain engagements that continuously strengthen McDonald's detection and response capabilities. This role sits within Global Cyber Security (GCS), the organization responsible for securing McDonald's information assets at a global level and ensuring our leadership makes informed, risk‑based decisions.ResponsibilitiesOperational Leadership & Service DeliveryOwn day‑to‑day operations of McDonald's Offensive Security program, including intake management, assessment scheduling, scoping, rules of engagement, execution oversight, and reportingManage complex, concurrent testing engagements across cloud, network, infrastructure, hardware, application, mobile, and SaaS environmentsServe as the primary customer‑facing point of contact for internal stakeholdersRed Team & Adversary EmulationPlan and execute Red Team operations, adversary simulations, and adversary emulation exercises informed by real‑world threat intelligence and the MITRE ATT&CK frameworkDesign and lead custom Cyber Defense Exercises (CDX), tabletop simulations, social engineering campaigns, and physical security assessmentsExecutive Communication & MetricsTranslate complex technical findings into actionable, risk‑ranked business impact assessments for executive leadership, including CIO and CISO audiencesDevelop, measure, and track metrics and KPIs to assess the performance, effectiveness, and business value of offensive security operationsProduce high‑quality technical reports, executive summaries, findings documentation, and remediation recommendationsPeople Leadership & Team DevelopmentServe as the people leader for all offensive security individual contributors (penetration testers, red team operators, offensive security analysts) across the US and UKProvide hands‑on technical guidance and mentorship — able to work side‑by‑side with the team on complex assessments while coaching junior and senior analysts alikeStrategy & Program DevelopmentSupport the Director in defining and executing the offensive security strategy, roadmap, and program objectives aligned to enterprise risk prioritiesCollaborate cross‑functionally with different teams to ensure offensive findings feed into unified remediation pipelinesQualifications8+ years of experience in offensive security, penetration testing, red teaming, or ethical hacking4+ years of direct people leadership experience managing technical cybersecurity teams3+ years of experience managing complex, global projects and initiatives across multiple regionsExpert‑level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and MITRE ATT&CK frameworkExtensive hands‑on experience across multiple testing disciplines: application, cloud, network, infrastructure, hardware, and mobile penetration testingDemonstrated ability to lead teams through all stages of a cyber‑attack lifecycle (reconnaissance, scanning, enumeration, gaining access, privilege escalation, maintaining access, network exploitation, and covering tracks)Qualified to mentor analysts in examining system and application security threats and vulnerabilities (e.g., buffer overflow, cross‑site scripting, SQL injection, race conditions, return‑oriented attacks, malicious code)Proven ability to operate with minimal oversight, make quick and effective decisions, and navigate ambiguity in fast‑paced, deadline‑driven environmentsMastery of commercial and open‑source offensive security tools and frameworksDesired SkillsProfessional certifications such as OSCP, OSCE, GXPN, GCPN, GCDA, GPEN, GWAPT, CRTO, CEH, or equivalentExpert understanding of cloud security architectures (Azure, AWS, GCP) and modern application/API security testingExperience with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver), BAS platforms (e.g., SafeBreach), and EASM toolsExperience managing vulnerability disclosure programs (VDP), bug bounty programs, or coordinated disclosure processesStrong understanding of SIEM/SOAR platforms, detection engineering workflows, and how offensive findings integrate with defensive operationsExperience managing MSSP relationships, vendor SOWs, and hybrid delivery models for offensive security servicesCompensationBonus Eligible: YESLong‑Term Incentive: YESBenefits Eligible: YESSalary RangeThe expected salary range for this role is $167,366.00 – $209,207.00 per year.The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience and other job‑related factors.Additional InformationBenefits eligible: This position offers health and welfare benefits, including but not limited to comprehensive health insurance, which includes medical, prescription drug, mental health, dental and vision coverage, as well as life insurance.Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.Long‑term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald's long‑term incentive plan.McDonald's is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel‑good moments for everyone. McDonald's provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com. Reasonable accommodations will be determined on a case‑by‑case basis.McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.Nothing in this job posting or description should be construed as an offer or guarantee of employment.#J-18808-Ljbffr


Smart Searches

Related Job Titles To Defense

Browse Jobs in Top Cities

Browse Jobs by State

Browse Jobs by Title

Post a Job

About

Advice

Contact

© 2026 Jobs2Careers. All rights reserved.

Privacy Policy

Terms of Use

Your Privacy ChoicesCalifornia Consumer Privacy Act (CCPA) Opt-Out Icon

Logos provided by Logo.dev

Jobs2Careers Powered by Talroo