Director, Threat Operations & Penetration Testing

Job Description: Company Description McDonald’s is proud to be one of the most recognized brands in the world, with restaurants in over 100 countries that serve 70 million customers daily. We continue to operate from a position of strength. Our updated growth strategy is focused on staying ahead of what our customers want and realizing further growth potential. Our relentless ambition is why McDonald’s remains one of the world’s leading corporations after almost 70 years. Joining McDonald’s means thinking big and preparing for a career that can have influence around the world. At McDonald’s, we see every day as a chance to create positive impact. We lead through our values centered on inclusivity, service, integrity, community and family. From support of Ronald McDonald House to our Youth Opportunity project and sustainability initiatives, our values keep us dedicated to using our scale for good: good for our customers, people, industry and planet. We also offer a broad range of outstanding benefits including a sabbatical program, tuition assistance and flexible work arrangements. Department Overview The Director, Threat Operations & Offensive Security is responsible for defining, leading, and scaling a global cybersecurity program spanning two critical pillars: Threat Operations—Insider Risk, Threat Hunting, and Cyber Threat Exposure Management (CTEM), and Offensive Security—Red Teaming, Penetration Testing, and Adversary Simulation. Threat Operations — Insider Risk, Threat Hunting, and Cyber Threat Exposure Management (CTEM) Offensive Security — Red Teaming, Penetration Testing, and Adversary Simulation This role leads a geographically distributed team across the United States and United Kingdom, sets strategic direction, and ensures all activities translate into measurable risk reduction and enhanced detection/response capabilities for the enterprise. You will partner closely with Incident Response, Detection Engineering, Security Operations (GSOC), Engineering, and Technology Risk stakeholders to drive cross-functional outcomes. This role balances strategic program leadership, deep technical expertise, and executive communication—reporting to the Sr. Director, Cyber Defense within Global Cyber Security (GCS). Duties Strategy & Program Leadership Define and execute the global strategy and multi-year roadmap for Threat Operations and Offensive Security programs Establish measurable goals, KPIs, and OKRs aligned to enterprise cyber risk reduction Drive integration between CTEM, threat hunting, insider risk, detection engineering, and offensive testing to create a unified threat-informed defense model Provide executive-level reporting on program outcomes, risk posture, and operational metrics to GCS and Global Technology leadership Threat Operations Insider Risk — Lead the insider threat program to detect, investigate, and mitigate internal threats through behavioral analytics, policy enforcement, and cross‑functional partnerships (HR, Legal, Compliance) Threat Hunting — Mature proactive threat hunting capabilities to identify advanced persistent threats, anomalous activity, and gaps in detection coverage across the global enterprise Cyber Threat Exposure Management (CTEM) — Own the CTEM lifecycle including attack surface visibility, exposure prioritization, vulnerability validation, and remediation tracking in partnership with GRC/TPRM and engineering teams Develop playbooks, automation, and operational processes to scale threat operations capabilities Offensive Security Lead penetration testing programs across application, cloud, network, infrastructure, mobile, and SaaS environments Plan and execute Red Team and Purple Team operations, breach & attack simulations (BAS), and adversary emulation exercises informed by real‑world threat intelligence Oversee the Vulnerability Disclosure Program (VDP) and External Attack Surface Management (EASM) validation activities Translate offensive findings into prioritized, risk‑ranked remediation actions and validate effectiveness of security controls and detection capabilities Lead targeted risk assessments and custom exercises (e.g., tabletop simulations, physical security testing, social engineering campaigns) Leadership & Team Development Lead, mentor, and scale a high‑performing global team of managers, senior analysts, and technical leads across the US and UK Foster a culture of innovation, accountability, continuous improvement, and technical excellence Manage capacity planning, headcount budgeting, and resource allocation across multiple towers and regions Drive continuous improvement through automation, process maturity, and threat-informed testing Qualifications 10+ years of progressive cybersecurity experience across offensive and defensive domains 5+ years of direct leadership experience managing cybersecurity teams, including people managers Deep expertise in penetration testing, red teaming, threat hunting, insider risk, and/or CTEM Expert-level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and MITRE ATT&CK framework Extensive experience leading teams that emulate threat activities and understanding the stages of a cyber‑attack (reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks) Experience leading global, geographically distributed teams and managing large‑scale security programs in complex multinational environments Strong executive communication and stakeholder management skills with the ability to translate technical risk into business impact for senior leadership and CIO‑level audiences Proven ability to operate with minimal oversight, make quick and effective decisions, and navigate ambiguity in fast‑paced, deadline‑driven environments Desired Skills Professional certifications such as OSCP, GXPN, GCDA, GCPN, GCTI, GCIH, CEH, CISM, or equivalent Expert understanding of cloud security architectures (Azure, AWS, GCP) and modern application security Experience with SIEM/SOAR platforms, detection engineering, and security operations workflows Hands‑on experience with offensive security tooling and frameworks (e.g., Cobalt Strike, Burp Suite, BloodHound, Metasploit, custom tooling) Experience managing vulnerability disclosure programs, bug bounty programs, or coordinated disclosure processes Familiarity with insider threat platforms, behavioral analytics, and UEBA solutions Strong understanding of exposure management platforms, EASM, and attack surface monitoring tools Outstanding technical writing skills and the capability to communicate findings and program outcomes to a wide range of technical and non‑technical audiences Experience with budgeting, headcount governance, and cross‑regional workforce planning Compensation Bonus Eligible: YES Long - Term Incentive: YES Benefits Eligible: YES Salary Range The expected salary range for this role is $195,371.00 - $244,214.00 per year. The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job‑related factors. Additional Information Benefits eligible: This position offers health and welfare benefits, including but not limited to comprehensive health insurance, which includes medical, prescription drug, mental health, dental and vision coverage, as well as, life insurance. McDonald’s is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel‑good moments for everyone. McDonald’s provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact View email address on click.appcast.io. Reasonable accommodations will be determined on a case‑by‑case basis. McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training. Nothing in this job posting or description should be construed as an offer or guarantee of employment. #J-18808-Ljbffr McDonald's Corporation