Information Security Engineer
Job Description
Are you passionate about improving McDonald’s restaurant technology security for a household brand?
We at McDonald's Corporation are actively looking for a qualified Senior Information Security Engineer on the Enterprise Services / US Technology Foundations team.
Our rapidly growing Information Security department is responsible for planning, crafting, building, and scaling McDonald’s technology infrastructure for the US Restaurants in a dynamic work environment to support the US digital strategy and BBV2020.
Responsibilities
In this role, we will work with business leaders and security partners to advise and implement on a variety of technology security topics. These include, but are not limited to, reviewing new project initiatives for proper security controls; implementing new security controls; reviewing and updating control processes; conducting risk assessments, evaluating risk, and communicating risks; and monitoring current control processes. This role will help to craft, define, design and implement security controls and processes that control the integrity of the restaurant environment. We focus on protecting both our owners as well as our customers!
Responsibilities
- You will operate as SPOC to conduct and evaluate security risks assessments associated with restaurant technologies, documenting with appropriate teams and informing leadership as necessary.
- Participate in activities associated with the scope and management of restaurant penetration testing.
- Provide subject matter support to the business and liaise with third-party security service as it pertains to centralized ePO solution that monitors McAfee enabled endpoint (BOS, WST) devices in restaurants.
- Evaluate McAfee upgrade paths/functionality and make recommendations to leadership based on applicability to our brand and appropriately layered security
- Evaluate security vulnerabilities and patches; advising and recommending to leaders on applicability of patches to restaurant technologies.
- Level 3 support for security alerts received from MSSP / SOC.
- Participate in PCI compliance activities and evidence gathering process
- Perform enterprise vulnerability assessments using Nessus in a global environment
- Lead PCI external vulnerability scans using PCI Assessor organization
- Onboarding of new PCI level 2 locations into PCI management process
- Various PCI administrative and reporting functions
- Develop security documentation as required for compliance and risk assessment
- Perform role of Market Incident Manager – functioning as the SPOC for US security incidents, documenting; collaborating with Global Technology Resource Management and escalating as needed.
Minimum Requirements
Minimum Requirements
Required Skills and Experience:
- 5 - 10 years IT Security
- Bachelor's degree - Business or IT with related experience
- Security certification: CISSP, GSEC, CEH, or Security +
- Excellent verbal and written communication skills
- Experience with Payment Card Industry (PCI) Report on Compliance (ROC) process
- Experience with McAfee ePO administration (ENS, ATP, TIE)
- Knowledge of security scanning products (Nessus, Qualys)
- Administrator level knowledge – Windows and Linux environments
- Familiarity with firewall administration concepts
- Proficiency with Microsoft Office Suite
Desired Skills and Experience:
- Security Operations Center (SOC) analyst
- IDS/IPS, NetGen Firewall administration
- Endpoint security administration
- An analytical mindset and innate ability to focus on details
- Technical writing and creating Visio diagrams
- Positive attitude and willingness to learn