Cloud Engineer III

McDonald's Corporation•Chicago, IL

30d

About The Position

This opportunity is part of the Global Technology Infrastructure & Operations team (GTIO), where our mission is to deliver modern and relevant technology that supports the way McDonald’s works. We provide best-in-class foundational technology products and services including Global Networking, Cloud, End User Computing, and IT Service Management. It’s our goal to always provide an engaging, important, and straightforward experience for our customers. The Cloud Security Engineer III role is part of the Cloud Ecosystem team in Global Technology Infrastructure & Operations. This role reports to the Senior Manager of Cloud Security Platform Engineering and is responsible for delivering enterprise cloud security platform outcomes. The position focuses on building and enhancing security capabilities, automating security remediations, and enabling secure-by-design cloud adoption. The role partners closely with DevOps teams and engineers consuming cloud resources to ensure security is implemented in a practical, scalable, and meaningful way, while also collaborating with cybersecurity and risk management teams to continuously strengthen the organization’s cloud security posture. This is an exciting opportunity for an experienced technology leader to help shape the transformation of infrastructure and operations products and services to the entire McDonalds environment.

Requirements

Must be fully vaccinated (i.e., at least 2 weeks after last dose) for COVID-19 and, if hired, present proof of vaccination by start date.
Willingness and ability to live the McDonald’s values every day: Serve, Inclusion, Integrity, Community, and Family.
Ability to effectively communicate with other senior leaders of IT on program strategies and plans and negotiate quality solutions.
Must be attentive to details, organized, self-motivated, and driven.
Ability to create system and process flow diagrams, data flow diagrams, sequence diagrams, UML diagrams, and document inter‑ and intra‑system dependencies.
Strong understanding of industry trends and emerging technologies, with the ability to apply them to architectural needs.
Excellent written and oral communication skills with the ability to communicate effectively with technical and non-technical stakeholders.
Defines and promotes best practices; cultivates a culture of innovation and learning, including willingness to instruct and coach in a cloud training program as needed.
Demonstrated strong analytical and problem‑solving skills.
Expert technical knowledge in three or more and strong technical knowledge in 6 or more of the following domains: Cryptography, encryption, and key management; Data protection and security; Governance and risk management; Identity access management; Infrastructure security; Logging and monitoring; Security event and incident response; Threat and vulnerability management; Application and interface security; DevOps pipeline governance and security
Professional-level cloud certifications (GCP, AWS, Azure)

Nice To Haves

Infrastructure as Code (IaC) experience architecting and maintaining scalable, modular Terraform deployments, integrated with CI/CD pipelines (e.g., GitHub Actions) for automated build, test, and deployment workflows.
Extensive experience architecting, building, and operating Kubernetes environments.
Demonstrated experience securing Windows and Linux server environments at scale, with the ability to enable and support DevOps workflows in IaaS and PaaS platforms.
Experience with multiple programming and scripting languages, including Python, C#, Java, JavaScript, Go, Bash, and PowerShell.
CCSK, CCSP, or equivalent cloud security certification, such as AWS Certified Security, Azure Security Engineer Associate, or Google Professional Cloud Security Engineer.

Responsibilities

Automate the provisioning of cloud monitors, automated remediation, security baselines and templates, etc. through the concept of pipeline engineering.
Implement core cloud security capabilities such as identity & access, data protection, security controls and compliance, vulnerability management, threat detection and response, and logging/monitoring.
Performing penetration testing, red/blue teaming, and gap analysis with audit and cybersecurity partners.
Support operations and incident response during cloud events and incidents.
Design and deploy programs, dashboards, tests, scripts, and automation to enhance cloud security posture, detection, and response.
Build prototypes and perform proof of concepts to demonstrate security value
Remain up-to-date on emerging technologies and architecture and propose ways to use them in current and upcoming projects.
Educate and guide team members on cloud standards, procedures, and guidelines/best practices.
Act as a SME for all Cloud technical hands-on questions cloud security related.
Lead and facilitate the creation of compliance automation and policy-as-code to streamline cloud governance in partnership with the Technical Product Analyst(s) and Manager(s).
Strive to provide internal and external customers with excellent customer service and world-class service and focus on improvement and benefits to the cloud consumer’s outcomes.
Influence and support more junior cloud security engineers and help develop their skill sets and understanding of cloud security.