McDonald's · 9 hours ago
Senior Analyst, Cyber Defense - Threat Operations
McDonald's is a globally recognized brand and leader in the foodservice industry, committed to innovation and positive impact. The Senior Analyst, Cyber Defense – Threat Operations will advance cyber defense through tactical threat intelligence, conduct insider threat investigations, and enhance visibility to external threats. This role involves leading efforts to protect digital assets and support the Global SOC and IR teams.
Responsibilities
Triage alerts and events from intelligence partners while maintaining awareness of trending attacks, vectors, and emerging threats
Lead insider threat investigations and partner with other functions (HR, Legal, SOC, DataSec) to reduce internal exposure
Support the SOC with Tier III analysis and correlate telemetry across endpoint, identity, network, and cloud environments
Conduct proactive threat hunts grounded in clear assumptions aligned with MITRE ATT&CK
Publish reusable hunt notebooks and detection improvements using SPL, KQL, and Sigma
Willingness to train others and act as a technical lead to help upskill the team
Conduct OSINT and deep web intelligence operations to identify digital threats (e.g. exposed credentials, infostealers) and reduce external exposure
Align controls with MITRE D3FEND, author technical advisories, drive runbooks/playbooks, improve workflows, and train/upskill team members as a technical lead
Qualifications
Required
Practical experience in threat hunting, tactical CTI, insider threat, and daily use of security tools and telemetry
Skilled in analytical methods, the intelligence cycle, and detection based on frameworks like MITRE ATT&CK and D3FEND
Ability to clearly present information to both technical and non-technical groups
Familiarity with models such as ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, D3FEND, and the NIST Cybersecurity Framework
Knowledge of malware techniques, threat actor TTPs, and common threat terminology
Experience working with intelligence-sharing groups and collaborating with SOC and IR teams
Deep technical understanding of the cyber threat landscape and countermeasures
Ability to analyze, condense, and effectively share large amounts of information with leadership and dynamic audiences
Bachelor's degree or equivalent proven experience, complemented by relevant certifications like GIAC (GCTI/GOSI/GCIA/GCED), CompTIA Security+, or EC‑Council C|TIA (or similar training)
4–6+ years in cybersecurity roles such as SOC, IR, CTI, and hunting
Regularly work with SIEM, EDR, DLP, identity, and cloud telemetry
Including 2–4 years performing internal and external threat reconnaissance
3+ years of demonstrated passion for intelligence and threat hunting, operationalizing IOCs and TTPs at global enterprise scale
Experience working alongside global enterprise organizations and collaborating across distributed teams
Direct experience running Threat Intelligence Platforms (MISP, ThreatConnect, Anomali) and STIX/TAXII 2.1 data ingestion and export
Familiar with network security architecture concepts, including topology, protocols, components, and defense-in-depth principles
Ability to work effectively with minimal oversight in a fast-paced, fluid environment while prioritizing tasks efficiently
Strong team-player mentality with willingness to collaborate across a distributed team and multiple departments
Proficient in MITRE ATT&CK (Enterprise), investigative hunt methods, and writing threat hunting queries across platforms to build detections and playbooks
Hands-on experience with SIEM, XDR, EDR, integrating threat intelligence feeds, and proficiency in DLP, UEBA, UAM for detecting internal risks while collaborating with HR, Legal, and IR
Experienced in OSINT and dark-web investigations, emphasizing OPSEC and evidence preservation, along with scripting/automation (Python, PowerShell) for enrichment and content management
Strong analytical skills, multi-functional security knowledge, and ability to present publicly as a leader with a clear security viewpoint
High integrity, dependability, autonomy, and outstanding interpersonal communication, negotiation, and presentation skills
Preferred
Master's degree or comparable professional experience
Prior Military/US Government all-source or cyber intelligence background
Familiarity with SOAR workflows and case management
Strong understanding of data analytics and data visualization guidelines
Experience using Artificial Intelligence (AI) to streamline security operations
Benefits
Health and welfare benefits
A 401(k) plan
Adoption assistance program
Educational assistance program
Flexible ways of working
Time off policies (including sick leave, parental leave, and vacation/PTO)
Company
McDonald's
McDonald’s is the world’s leading global foodservice retailer with over 37,000 locations in over 100 countries.
H1B Sponsorship
McDonald's has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below is additional information for your reference. (Data powered by US Department of Labor)
Chart: Distribution of Different Job Fields Receiving Sponsorship (highlighted: job fields similar to this job)
Trends of Total Sponsorships (year: count)
2025: 61
2024: 77
2023: 37
2022: 31
2021: 60
2020: 12
Funding
Current Stage: Late Stage
Recent News
2025-10-07, The Motley Fool
Company data provided by Crunchbase