Company Description
McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. As the global leader in the food service industry, our legacy of innovation and hard work continues to drive us.
From drive thru updates to delivery to mobile order and pay, we are innovating quickly and growing. Joining McDonald's means thinking big and preparing for a career that can have influence around the world.
At McDonald’s, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements - !
While most of us are working remote during COVID-19, we're excited to get back to our state-of-the-art headquarters in the booming West Loop of downtown Chicago! It's set up to be a global hub that cultivates collaboration:
Job Description
· Manage security vulnerability lifecycle from detection to notification and closure
· Proactively identify security threats in public cloud infrastructure
· Meet with a variety of stake holders to prioritize and remediate vulnerabilities
· Identify gaps in vulnerability management tooling and work with our technical partners and clients to assist with remediation of cloud vulnerabilities
· Monitor and review Cloud vulnerability and compliance scan results, and determine best strategy to drive remediation
· Perform research and analysis of cloud vulnerability assessments
· Maintain core body of knowledge on emerging cloud security risks and vulnerabilities
· Analyze penetration test results and engage with technology partners and business units to resolve identified vulnerabilities
· Engage with application and product teams to improve DevOps hygiene as it relates to application and vulnerability management
· Provide input and feedback on security architectures and employ automation for security controls where possible to improve process efficiency, effectiveness, and response
· Ensure appropriate operational hygiene is in place (OS/Application patching and vulnerability remediation, adoption of latest images, etc.)
· Define and report vulnerability and threat program roadmap, status, and metrics
· Act as a mentor and leader to team members
Key Competencies
· Outcome-Driven Orientation – Achieve results through calculated risks and manage important relationships. Stay immersed in Cloud Security and new capabilities to ensure no surprises. Engage relevant cloud capability Engineers, cloud product owners, business units and enterprise management on resolving trade-offs of scope, priority, business and technical risk, and business impact of dependencies. Collaborate with product teams as needed to ensure full transparency, keeping product stakeholders up to date with the latest on delivery status, product risks and scope changes.
· Communication – Convey the Cloud Security vision and other messages requiring action, in a way that brings people on board and builds their enthusiasm and engagement. Represent the Cloud Security product within that community ensuring all ecosystem partners feel heard, and well-served by the cloud organization. Keep everyone on the same page about cloud consumer needs and Cloud Security alignment.
· Technical Knowledge and Proficiency – Understand the language the Cloud Security product team uses to conduct the business of the team and be familiar with all the tools and techniques required to communicate with and assign work to a team. Operate within core technologies required to deliver Cloud Security capabilities. Translate technical language into business language to bridge the gap between business and technical professionals engaged in the full capability value stream.
Other Competencies
· 2+ years of experience in Information Security and vulnerability management
· Hands-on experience driving vulnerability management activities/programs
· Strong familiarity with Linux and Windows operating systems and cloud provider ecosystems like Amazon AWS; Practical knowledge of AWS foundation services
· Experience vulnerability scanning & management tools (Qualys, Prisma Cloud)
Additional Information
McDonald’s is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact
McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.
McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. As the global leader in the food service industry, our legacy of innovation and hard work continues to drive us.
From drive thru updates to delivery to mobile order and pay, we are innovating quickly and growing. Joining McDonald's means thinking big and preparing for a career that can have influence around the world.
At McDonald’s, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements - !
While most of us are working remote during COVID-19, we're excited to get back to our state-of-the-art headquarters in the booming West Loop of downtown Chicago! It's set up to be a global hub that cultivates collaboration:
- Take a class at Hamburger University
- Sample future items in our Test Kitchen
- Utilize the latest technology to connect with your team around the globe
Job Description
· Manage security vulnerability lifecycle from detection to notification and closure
· Proactively identify security threats in public cloud infrastructure
· Meet with a variety of stake holders to prioritize and remediate vulnerabilities
· Identify gaps in vulnerability management tooling and work with our technical partners and clients to assist with remediation of cloud vulnerabilities
· Monitor and review Cloud vulnerability and compliance scan results, and determine best strategy to drive remediation
· Perform research and analysis of cloud vulnerability assessments
· Maintain core body of knowledge on emerging cloud security risks and vulnerabilities
· Analyze penetration test results and engage with technology partners and business units to resolve identified vulnerabilities
· Engage with application and product teams to improve DevOps hygiene as it relates to application and vulnerability management
· Provide input and feedback on security architectures and employ automation for security controls where possible to improve process efficiency, effectiveness, and response
· Ensure appropriate operational hygiene is in place (OS/Application patching and vulnerability remediation, adoption of latest images, etc.)
· Define and report vulnerability and threat program roadmap, status, and metrics
· Act as a mentor and leader to team members
Key Competencies
- Business Acumen and Cloud Knowledge – Understand the financial drivers and dynamics driving business growth, and the organization's business goals. Enforce consistent standards for planning, designing, and deploying Cloud controls.
- Building Relationships – Establish and maintain support from key stakeholders to both identify and achieve Cloud Security objectives and outcomes. Builds professional networks among relevant stakeholders within and outside the Cloud Security product team in a manner designed to maximize the success of our cloud environment.
- Influencing, Collaborating With, and Leading Others – Communicate business unit and Cloud Security goals, objectives and priorities in a persuasive manner that builds support, agreement, and commitment. Exerts servant leadership, based on achieving common objectives. Takes actions that influence others to create support, gain trust and motivate actions in others, or win concessions without damaging relationships. Understands change management principles and techniques in helping the organization execute change as required to execute the overall Cloud Security product strategy. Reconciles perspectives on cloud architecture strategy and priorities into a consensus supported by the Cloud Security product owner and other stakeholders.
- Outside-In, Consumer-Driven, Design Thinking Perspective – Understand design thinking principals and techniques. Align Cloud Security capability with cloud governance product strategies. Reference consumer and market analytics when presenting ideas for key Cloud Security product decisions.
· Outcome-Driven Orientation – Achieve results through calculated risks and manage important relationships. Stay immersed in Cloud Security and new capabilities to ensure no surprises. Engage relevant cloud capability Engineers, cloud product owners, business units and enterprise management on resolving trade-offs of scope, priority, business and technical risk, and business impact of dependencies. Collaborate with product teams as needed to ensure full transparency, keeping product stakeholders up to date with the latest on delivery status, product risks and scope changes.
· Communication – Convey the Cloud Security vision and other messages requiring action, in a way that brings people on board and builds their enthusiasm and engagement. Represent the Cloud Security product within that community ensuring all ecosystem partners feel heard, and well-served by the cloud organization. Keep everyone on the same page about cloud consumer needs and Cloud Security alignment.
· Technical Knowledge and Proficiency – Understand the language the Cloud Security product team uses to conduct the business of the team and be familiar with all the tools and techniques required to communicate with and assign work to a team. Operate within core technologies required to deliver Cloud Security capabilities. Translate technical language into business language to bridge the gap between business and technical professionals engaged in the full capability value stream.
Other Competencies
- Strong time management skills
- Excellent communication, both verbal and written
- Complex problem-solving and ability to work well under minimal supervision
- Ability to work in a fast paced and changing environment
- Ability to influence without authority and work in a matrix organizational environment
· 2+ years of experience in Information Security and vulnerability management
· Hands-on experience driving vulnerability management activities/programs
· Strong familiarity with Linux and Windows operating systems and cloud provider ecosystems like Amazon AWS; Practical knowledge of AWS foundation services
· Experience vulnerability scanning & management tools (Qualys, Prisma Cloud)
- Experience communicating effectively with multiple levels of the organization
- Bachelor’s degree in Computer Science, Information Security, or related field preferred
- Certificate of Cloud Security Knowledge (CCSK) preferred, or other relevant security, cloud architecture, developer, sys-admin certification.
Additional Information
McDonald’s is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact
McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
Nothing in this job posting or description should be construed as an offer or guarantee of employment.