The Senior Analyst, Cyber Defence will support the cybersecurity response program by consistently delivering timely, actionable, and relevant threat intelligence to enable the improvement of McDonald’s security posture. The Senior Analyst, Cyber Defence is responsible for collecting, analysing, and disseminating cyber threat intelligence. These capabilities will include the timely collection of advanced warnings of impending IT vulnerabilities or threats, a thorough correlation, analysis, and storage of threat intelligence information, and tactical support of the incident response process. They will also support the definition, delivery, and sustainment of the cybersecurity response strategy.
Responsibilities:
1. Support the Security Operations Centre (SOC) in effectively detecting, analysing, and containing cyber attacks. Provide direct operational and tactical support to security operations and incident response processes. Provide Tier III analytical support for escalated security incidents.
2. Triage intelligence alerts/events from intelligence partners.
3. Author cyber threat intelligence reports supporting the needs of internal and external stakeholders at the tactical, operational, and strategic levels.
4. Maintain awareness of geopolitical issues and their influence on the global or relevant regional threat landscape.
5. Detailed information correlation, analysis, and subject matter expertise of cyber threats as it applies to the Retail and Hospitality Sector.
6. Daily review and triage of intelligence alerts and reporting.
7. Indicator of Compromise (IOC) / Observable extraction, enrichment, and correlation.
8. In the absence of direct leadership, oversee the threat intelligence program, including supporting personnel, developing requirements, policy enforcement, emergency planning, security awareness, and other resources.
9. Aid in developing policies and plans and/or advocating for changes that support threat intelligence initiatives or required changes/enhancements.
10. Maintain an understanding of attacks, vectors, and emerging threats.
What type of background is required?
11. Experience working in the intelligence field with a strong understanding of analytical methods, the intelligence cycle, collection management, and information source evaluation techniques.
12. Must be familiar with industry-standard threat analysis models such as the MITRE ATT&CK Framework, The Cyber Kill Chain, The Diamond Model, the Pyramid of Pain, DeTT&CT, and the NIST Cybersecurity Framework.
13. Familiarity with standard techniques used by malware and threat actors, and the ability to use an industry-standard lexicon for discussing such threats.
14. Experience with the use of a Threat Intelligence Platform or All-Source Intelligence Analysis tool.
15. Familiarity with intelligence-sharing communities and experience in cross-collaboration with Security Operation and Incident Response teams.
16. Demonstrate a deep technical knowledge of the cyber threat landscape, including threat actors, tactics, tools and procedures, and effective countermeasures.
17. Ability to analyse, summarise, and communicate large volumes of information clearly and concisely to leadership and both technical/non-technical audiences.
Required Skills
18. Familiar with network security architecture concepts, including topology, protocols, components, and principles (e.g., application of defense-in-depth).
19. Experience working with Information Sharing Organizations and Analysis Centers. Additionally, candidates with experience developing enterprise-level intelligence/information-sharing policies and standards are preferred.
20. Experienced in cybersecurity principles and organizational requirements, including threat detection, incident response, and security operations methodologies.
21. Experience in investigating threats, utilizing open source intelligence (OSINT), intelligence from trusted third parties, and other information sources to uncover threat actors and their tactics, techniques, and procedures (TTPs) while providing context to threats and reaching conclusions from incomplete or missing data.
22. Capability to work effectively and efficiently with minimal oversight in a fast-paced and fluid operating environment.
23. A robust team-player mentality and a willingness to work with a disparate global team.
24. Strong familiarity working with Threat Intelligence Platforms such as Analyst1, i2 Analyst's Notebook, Anomali ThreatStream, etc.
25. Strong understanding of intelligence and security solutions such as Proofpoint, Digital Shadows, Cyjax, and QRadar.
26. Exceptional communication and presentation skills.
27. Demonstrated capability to deliver well-written, timely, actionable, and relevant threat intelligence products at the tactical, operational, and strategic levels (must provide examples or complete a writing prompt).
Qualifications:
28. Bachelor's degree or equivalent OTJ experience.
29. Military or Government All-Source Intelligence or Cyber Intelligence background.
30. GIAC Security Essentials, CompTIA Security+, EC-Council C|TIA, or equivalent training.
31. Experience in a role that required daily interaction with Cyber Security personnel, tools, and processes.
32. Experience working in a focused Intelligence role.
33. Internal and external threat reconnaissance.
Desirable Qualifications:
34. Capability to interpret and comprehend scripts and various programming languages. Highly desired skills in Python, R, or similar scripting languages (must provide examples).
35. Fundamental understanding of Security Automation and Orchestration (SOAR).
36. Strong understanding of data analytics and data visualization best practices.
37. OKR certified or foundational understanding of methodologies behind driving Objectives and Key Results.
38. Effectively prioritize in high-pressure situations.
39. Demonstrated track record of success in delivering in a security environment.
40. Ability to present publicly as a thought leader in security.
41. Strong analytical skills and cross-functional knowledge across multiple security disciplines.
42. Must possess a high degree of integrity, be trustworthy, and have the ability to work with autonomy.
43. Strong interpersonal communication, negotiation, and presentation skills.
Additional Information:
At McDonald’s we are People from all Walks of Life...
People are at the heart of everything we do, and they make the McDonald’s experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers. We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees and suppliers gives us strength.
We do not tolerate inequality, injustice or discrimination of any kind. These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play.
We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonald’s or elsewhere.