Sr. Manager - Cyber Defence [T500-15178]

About McDonald’s: One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe. Position Summary: Sr. Manager, Cyber Defense As the Senior Manager for the Global Security Operations Center Detection and Response Team, you will have a direct impact on the tactical implementation of incident response and security operations across McDonald's. This role involves enhancing our incident response, threat monitoring, and forensics capabilities in collaboration with cyber threat intelligence and offensive security teams. Your expertise will shape incident response strategies, playbook development, and program maturity. Working within the GSOC Detection and Response Team you will identify and investigate intrusions, determine their cause and extent, and respond effectively. Leveraging SIEM, EDR, and email security solutions, along with threat intelligence sources, you will play a crucial role in ensuring McDonald's cybersecurity resilience. This role operates within a specialized team that responds to complex security events worldwide and conducts cyber threat hunting in multifaceted environments, utilizing various tools and techniques. The role works directly within Global Cyber Security (GCS), the organization responsible for our Cybersecurity Operations & Incident Response program and critical services, ensuring our leadership makes informed risk-based decisions. You will work in a fast-paced and highly collaborative environment, contributing to incident response and eDiscovery/Forensics efforts, and your expertise will be instrumental in safeguarding McDonald's security in an ever-evolving threat landscape. While no two days are likely to be the same, your typical responsibilities will include:

• Monitor for threats in collaboration with SOC / SIEM partners, understanding escalation criteria and thresholds.
• Mentor analysts to promote their performance and career growth in alignment with department and organizational objectives.
• Plan and execute protective measures, including policy, processes, and cybersecurity awareness.
• Develop and implement remediation plans in conjunction with incident response requirements.
• Support threat hunting efforts across market networks, identifying indicators of compromise (IOCs) and evidence of compromise.
• Identify attacker tools, tactics, and procedures to develop IOCs based on security solution output.
• Participate in the creation and dissemination of tactical threat products, such as reports and briefings.
• Provide tuning guidance to managed security providers for detection signatures.
• Collect, analyze, and provide informed assessments of technical IOCs gathered during security events to refine detection and response efforts.
• Share IOCs with the Cyber Threat Intelligence team for additional enrichment and hunting opportunities.
• Collaborate directly with the Offensive Security team to support market-level testing of emerging threats correlated with security events at McDonald's.

Who we are looking for:

• Bachelor’s degree or equivalent experience in Computer Science, Cybersecurity, Information Technology, Software Engineering, Information Systems, or Computer Engineering.
• 6+ years of experience in IT Security Incident Management, with a focus on global problem and incident management.
• Strong experience working with a SOC / NOC and legal operations.
• Demonstrated expertise in leading SOC Teams.
• In-depth understanding and practical application of the NIST Framework for Cybersecurity.
• Strong commitment to cybersecurity and a sense of personal accountability for the organization's security posture.
• Security certifications: OSCP, SANS GIAC (GREM, GCFA, GCIH), CISSP.
• Familiarity with exploitation and vulnerability analysis.
• Proficiency in technical writing and demonstrating various creative mechanisms to communicate to diverse audiences.
• Network traffic and protocol analysis utilizing tools such as Wireshark.
• Applied knowledge of security controls such as authentication and identity management, security-enhanced network architectures, and application-based controls (including Windows, Unix, and network equipment).
• Strong analytic, qualitative, and quantitative reasoning skills.

The ideal candidate should possess prior experience in incident response and computer forensics, along with a demonstrated ability to collaborate effectively in the field of cyber threat intelligence. This role demands a proven track record in incident handling, including hands-on experience working within or alongside security incident investigation teams. The candidate is expected to exhibit expertise in tracking advanced persistent threats (APTs) and targeted cybercrime threat campaigns, encompassing a comprehensive understanding of their associated Tactics, Techniques, and Procedures (TTPs) and malicious toolsets. Proficiency with a range of cybersecurity tools and a solid background in cyber security operations, security monitoring, Endpoint Detection and Response (EDR), and Security Information and Event Management (SIEM) solutions is essential for success in this role. Within the realm of eDiscovery and Forensics, the candidate should be familiar with both Windows and Unix-based operating systems, as well as administrative tools for these platforms. Proficiency in Windows disk and memory forensics, Unix or Linux disk and memory forensics, and static and dynamic malware analysis is required. Furthermore, a deep understanding of forensic file system and memory techniques, along with mastery of widely used toolsets such as EnCase, FTK (Forensic Toolkit), IDA Pro, or OllyDbg, constitutes a fundamental aspect of this position. Work location: Hyderabad, India Work pattern: Full time role Work mode: Hybrid Additional Information: McDonald’s is committed to providing qualified individuals with disabilities with reasonable accommodations to perform the essential functions of their jobs. McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. McDonald’s Capability Center India Private Limited (“McDonald’s in India”) is a proud equal opportunity employer and is committed to hiring a diverse workforce and sustaining an inclusive culture. At McDonald’s in India, employment decisions are based on merit, job requirements, and business needs, and all qualified candidates are considered for employment. McDonald’s in India does not discriminate based on race, religion, colour, age, gender, marital status, nationality, ethnic origin, sexual orientation, political affiliation, veteran status, disability status, medical history, parental status, genetic information, or any other basis protected under state or local laws. Nothing in this job posting or description should be construed as an offer or guarantee of employment.