Senior Analyst, Cyber Defense - Threat Operations

Department Overview The Senior Analyst, Cyber Defense – Threat Operations position at McDonald’s offers an outstanding chance for those eager to advance cyber defense through tactical threat intelligence and innovative initiatives. You will perform insider threat investigations and proactively identify insider risks across our global enterprise. You will lead efforts to protect our digital assets by conducting investigative threat hunts based on well-informed hypotheses. You will gather OSINT from surface, deep, and dark web sources to enhance visibility and improve response to external threats. Moreover, you will promote automation, develop detection content, and refine processes to support the Global SOC and IR teams. Responsibilities Triage alerts and events from intelligence partners while maintaining awareness of trending attacks, vectors, and emerging threats. Lead insider threat investigations and partner with other functions (HR, Legal, SOC, DataSec) to reduce internal exposure. Support the SOC with Tier III analysis and correlate telemetry across endpoint, identity, network, and cloud environments. Conduct proactive threat hunts grounded in clear assumptions aligned with MITRE ATT&CK. Publish reusable hunt notebooks and detection improvements using SPL, KQL, and Sigma. Willingness to train others, and act as a technical lead to help upskill the team. Conduct OSINT and deep web intelligence operations to identify digital threats (e.g. exposed credentials, infostealers) and reduce external exposure. Align controls with MITRE D3FEND, author technical advisories, drive runbooks/playbooks, improve workflows, and train/upskill team members as a technical lead. Qualifications Candidates must have practical experience in threat hunting, tactical CTI, insider threat, and daily use of security tools and telemetry. They should be skilled in analytical methods, the intelligence cycle, and detection based on frameworks like MITRE ATT&CK and D3FEND. They need to clearly present information to both technical and non‑technical groups. Familiarity with models such as ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, D3FEND, and the NIST Cybersecurity Framework is required. Knowledge of malware techniques, threat actor TTPs, and common threat terminology is critical. Experience working with intelligence‑sharing groups and collaborating with SOC and IR teams is important. Candidates must show deep technical understanding of the cyber threat landscape and countermeasures. It is important they can analyze, condense, and effectively share large amounts of information with leadership and dynamic audiences. Bachelor’s degree or equivalent proven experience, complemented by relevant certifications like GIAC (GCTI/GOSI/GCIA/GCED), CompTIA Security+, or EC‑Council C|TIA (or similar training). 4–6+ years in cybersecurity roles such as SOC, IR, CTI, and hunting. Regularly work with SIEM, EDR, DLP, identity, and cloud telemetry. Include 2–4 years performing internal and external threat reconnaissance. 3+ years passionate about intelligence and threat hunting, operationalizing IOCs and TTPs at a global enterprise scale. Experience working alongside global enterprise organizations and collaborating across distributed teams. Direct experience running Threat Intelligence Platforms (MISP, ThreatConnect, Anomali) and STIX/TAXII 2.1 data ingestion and export. Required Skills Familiar with network security architecture concepts, including topology, protocols, components, and defense‑in‑depth principles. Ability to work effectively with minimal oversight in a fast‑paced, fluid environment while prioritizing tasks efficiently. Strong team‑player mentality with willingness to collaborate across a distributed team and multiple departments. Proficient in MITRE ATT&CK (Enterprise), investigative hunt methods, and writing threat hunting queries across platforms to build detections and playbooks. Hands‑on experience with SIEM, XDR, EDR, integrating threat intelligence feeds, and proficiency in DLP, UEBA, UAM for detecting internal risks while collaborating with HR, Legal, and IR. Experienced in OSINT and dark‑web investigations, emphasizing OPSEC and evidence preservation, along with scripting/automation (Python, PowerShell) for enrichment and content management. Strong analytical skills, multi‑functional security knowledge, and ability to present publicly as a leader with a clear security viewpoint. High integrity, dependability, autonomy, and outstanding interpersonal communication, negotiation, and presentation skills. Desired Qualifications Master’s degree or comparable professional experience. Prior Military/US Government all‑source or cyber intelligence background. Familiarity with SOAR workflows and case management. Strong understanding of data analytics and data visualization guidelines. Experience using Artificial Intelligence (AI) to streamline security operations. Compensation Bonus Eligible: YES Long - Term Incentive: YES Benefits Eligible: YES Salary Range The expected salary range for this role is $127,332.00 - $159,165.00 per year The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job‑related factors. Additional Information (The position offers health and welfare benefits, including but not limited to comprehensive health insurance, which includes medical, prescription drug, mental health, dental and vision coverage, and life insurance.) Benefits eligible: This position offers health and welfare benefits, a 401(k) plan, adoption assistance program, educational assistance program, flexible ways of working, and time off policies (including sick leave, parental leave, and vacation/PTO). Eligibility requirements apply to some benefits and may depend on job classification and length of employment. Equal Employment Opportunity Statement McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel‑good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact View email address on click.appcast.io. Reasonable accommodations will be determined on a case‑by‑case basis. McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Nothing in this job posting or description should be construed as an offer or guarantee of employment. #J-18808-Ljbffr McDonald's Corporation