Senior Penetration Tester

Company Description:

McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. As the global leader in the food service industry, our legacy of innovation and hard work continues to drive us.
From drive thru updates to delivery to mobile order and pay, we are innovating quickly and growing. Joining McDonald's means thinking big and preparing for a career that can have influence around the world.

At McDonald’s, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House Charities to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements - check them out here!

We are enjoying the flexibility of a hybrid work model, in which employees spend part of their week connecting with co-workers in our state-of-the-art headquarters. Located in the booming West Loop of downtown Chicago, it's set up to be a global hub that cultivates collaboration:

• Take a class at Hamburger University
• Sample future items in our Test Kitchen
• Utilize the latest technology to connect with your team around the globe

We are an equal opportunity employer committed to the diversity of our crew members, staff, operators, and suppliers. We promote an inclusive work environment that creates feel-good moments for everyone. 

Job Description:

McDonald’s has been evolving rapidly, from improving the customer’s digital experience and introducing delivery throughout the world, to shifting our sourcing to farms that produce cage-free eggs. McDonald’s strives to deliver a "wow" experience for customers, support a balanced model that improves care of animals and the environment, and uphold our industry-leading quality standards.

Do you have a passion for Technology? Are you comfortable with operating systems like Windows and Linux, cloud environments (e.g. Azure, AWS), databases, scripting, web programming, networking, and data analytics? Are you looking forward to learn, develop new skills and dive deep into new technology areas with your colleagues, onsite and off-shore? We have an outstanding opportunity for a hardworking standout colleague to join our Security & Privacy Team within the Global Internal Audit function.

McDonald’s is pursuing major IT and digital initiatives that include new brand engagement, e-commerce, service delivery, cybersecurity, privacy, and digital content capabilities and we are seeking passionate team members who want to thrive in this dynamic environment.

Based out of our headquarters in the West Loop of Chicago, the Senior Penetration Tester will be conducting technology-focused reviews in areas such as cybersecurity, digital solutions, and privacy, participating in regular risk discussions with leadership, and overseeing compliance audits. Technology risk assessments and compliance activities are conducted for third party partners and internal clients at our headquarters and at locations around the world.

Responsibilities

• Perform technology assessments including penetration testing, red teaming, and technical assessments related to data privacy, cloud infrastructure, data protection, network security, secure coding, mobile and web applications, and Internet of Things (IoT).
• You will work with IT leadership on topics including technology and digital strategies, privacy and related regulations, customer loyalty program, and cybersecurity. Partner with management to improve effective identify risks and improve the control environment.
• Demonstrate knowledge of current and emerging technology topics including cybersecurity, DevOps, privacy compliance, and data governance.
• You will have the opportunity to participate in risk assessments to identify and measure key risks throughout the organization.
• Guide and assist the Technology & Digital Audit team in conducting multiple concurrent technology audits and leading the delivery of Sarbanes-Oxley (SOX) IT controls testing by our off-shore team.
• Participate in risk-based audits effectively, developing risk and control matrices and effectively executing audits that are completed on-time and on-budget.
• Partner with and assist in data analytics ideation, design, and development for Global Internal Audit projects.
• Communicate progress of projects to IT Audit Director/Manager on a timely basis. Lead audit team resources through appropriate planning activities and utilization of departmental tools.
• Contribute towards the professional development of IT Audit staff by sharing knowledge, providing training, guidance, coaching, and support.

Qualifications:

Must be fully vaccinated (i.e., at least 2 weeks after last dose) for COVID-19 and, if hired, present proof of vaccination by start date. 

• Bachelor's degree in Engineering, Computer Science, Information Technology, or Business preferred
• 2+ years of experience performing penetration testing, red teaming, or purple teaming and testing vulnerabilities against desktops, servers, applications, varying operating systems, and physical security mechanisms.
• Knowledge of penetration testing tools and techniques (Nmap, Burp Suite, Wireshark, Impacket Suite, LOLBAS, etc.).
• Understands Windows/Active Directory/Linux systems administration and vulnerabilities.
• Understands networking and web fundamentals (I.E., TCP/UDP, SSL/TLS, ACLs, Wi-Fi protocols, routing, HTTP, HTTPS, REST/SOAP APIs, etc.).
• Experience with programming (Python, Powershell, Go, C, C++, C#, Javascript, etc.), scripting, data analytics, and other technical solution design and development preferred.
• Experience in delivering penetration testing activities, red teaming, mobile and web application assessments, technical assessments, information technology audits, financial compliance (Sarbanes-Oxley) audits, program and system implementation reviews, and advisory projects.
• Familiarity with information technology, business processes and financial reporting audits and familiarity with control frameworks such as NIST, MITRE ATT&CK, COBIT, ITIL, PCI, ISO, SOX, and global data privacy laws (e.g. GDPR, CCPA).
• General understanding of AWS, Azure, and Google Cloud services and security best practices relevant to those services.
• Strong knowledge across a breadth of IT processes, including but not limited to: security operations, program management, security administration, system operations, change management, modern development (e.g., DevOps, Agile), data governance, privacy, and incident/problem management.
• Available to travel (domestic and international) up to 15%.
• Professional credentials preferred (CISSP, CISSP Associate, CEH, CIPT, CDPSE, CISA, OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, CRTO, PNPT or comparable).

Additional Information:

McDonald’s is committed to providing qualified individuals with disabilities reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.