Sr Analyst, Penetration Testing

About The Position

Requirements

• Bachelor's degree or equivalent technical experience in offensive and defensive cybersecurity positions.
• 3-5 years of experience in technical offensive cybersecurity positions (e.g., ethical hacking, penetration testing, etc.)
• Understanding the purpose and utilization of frameworks, such as MITRE ATT&CK and the Cyber Kill Chain.
• Excellent written and verbal communication/presentation skills to effectively describe assessment details and technical analysis.
• Advanced ability to manage multiple concurrent workstreams and competing priorities.
• Work within a global/multinational enterprise with flexible schedule accommodations for meetings, engagements, and operations.
• Extended experience with technical writing and demonstrating various creative communication mechanisms to diverse audiences.
• Working knowledge of networking and web protocols (e.g., TCP/UDP, SSL/TLS, Wi-Fi protocols, routing, HTTP/S, REST/SOAP APIs, etc.).
• Understanding of Windows/Active Directory/Linux systems administration and attack surface.
• Ability to read and write basic scripts (Python, PowerShell, Go, C, C++, C#, JavaScript, etc.).

Nice To Haves

• Master’s degree or comparable technical experience in offensive and defensive cybersecurity roles.
• 1-2 years of extra experience in related technical cybersecurity positions (e.g., incident response, security operations, detection engineering, etc.).
• Professional credentials, such as OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, GXPN, GRTP, CRTO, PNPT, or comparable.
• Experience delivering and leading penetration testing activities, red teaming, mobile, and web application assessments, etc., to various customers concurrently.
• Proficiency in working with and using commercial and open-source offensive security tools, including C2, Breach and Attack Simulations (BAS), External Attack Surface Management (EASM), and similar services.
• Exposure to managing/using enterprise defensive security services such as EDR, SIEM, Email Gateway, and SOAR.

Responsibilities

• Lead evaluations of network, application, cloud, and mobile applications.
• Identify vulnerabilities and exposure within enterprise networks, systems, and applications by leading offensive security engagements.
• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas.
• Build technical documents, reports, findings from the analysis, summaries, and other situational awareness information for relevant collaborators.
• Work alongside various departments within McDonald’s to strengthen threat response and minimize attack surface across people, processes, and technology.
• Analyze industry threat trends and regularly remain updated with ongoing adversarial activity to identify tactics, techniques, and procedures for emulation.
• Exploit embedded systems, web and mobile apps, cloud platforms, office, and restaurant digital networks.
• Produce basic scripts for proof-of-concepts and automations.
• Perform code review for supporting application assessments.
• Regularly update management and collaborators on the progress of projects, ensuring timely and effective communication.
• Train others and act as a technical lead to help upskill the team.

Benefits

• health and welfare benefits
• a 401(k) plan
• adoption assistance program
• educational assistance program
• flexible ways of working
• time off policies (including sick leave, parental leave, and vacation/PTO)