
Senior Analyst, Cyber Defense - Threat Operations

Job in Chicago, Cook County, Illinois, 60290, USA
Listing for: McDonald's Corporation
Full Time position
Listed on 2026-05-07
Job specializations:
  • IT/Tech
    Cybersecurity, Security Manager
Salary/Wage Range or Industry Benchmark: 80,000 - 100,000 USD yearly
Job Description & How to Apply Below

Department Overview

The Senior Analyst, Cyber Defense – Threat Operations position at McDonald’s offers an outstanding chance for those eager to advance cyber defense through tactical threat intelligence and innovative initiatives. You will perform insider threat investigations and proactively identify insider risks across our global enterprise. You will lead efforts to protect our digital assets by conducting investigative threat hunts based on well-informed hypotheses.

You will gather OSINT from surface, deep, and dark web sources to enhance visibility and improve response to external threats. Moreover, you will promote automation, develop detection content, and refine processes to support the Global SOC and IR teams.

Responsibilities
  • Triage alerts and events from intelligence partners while maintaining awareness of trending attacks, vectors, and emerging threats.
  • Lead insider threat investigations and partner with other functions (HR, Legal, SOC, Data Sec) to reduce internal exposure.
  • Support the SOC with Tier III analysis and correlate telemetry across endpoint, identity, network, and cloud environments.
  • Conduct proactive threat hunts grounded in clear assumptions aligned with MITRE ATT&CK.
  • Publish reusable hunt notebooks and detection improvements using SPL, KQL, and Sigma.
  • Willingness to train others, and act as a technical lead to help upskill the team.
  • Conduct OSINT and deep web intelligence operations to identify digital threats (e.g. exposed credentials, infostealers) and reduce external exposure.
  • Align controls with MITRE D3FEND, author technical advisories, drive runbooks/playbooks, improve workflows, and train/upskill team members as a technical lead.
Qualifications

Candidates must have practical experience in threat hunting, tactical CTI, insider threat, and daily use of security tools and telemetry. They should be skilled in analytical methods, the intelligence cycle, and detection based on frameworks like MITRE ATT&CK and D3FEND. They need to clearly present information to both technical and non‑technical groups. Familiarity with models such as ATT&CK, Cyber Kill Chain, Diamond Model, Pyramid of Pain, D3FEND, and the NIST Cybersecurity Framework is required. Knowledge of malware techniques, threat actor TTPs, and common threat terminology is critical. Experience working with intelligence‑sharing groups and collaborating with SOC and IR teams is important. Candidates must show deep technical understanding of the cyber threat landscape and countermeasures. It is important they can analyze, condense, and effectively share large amounts of information with leadership and dynamic audiences.

  • Bachelor’s degree or equivalent proven experience, complemented by relevant certifications like GIAC (GCTI/GOSI/GCIA/GCED), CompTIA Security+, or EC‑Council C|TIA (or similar training).
  • 4–6+ years in cybersecurity roles such as SOC, IR, CTI, and hunting. Regularly work with SIEM, EDR, DLP, identity, and cloud telemetry. Include 2–4 years performing internal and external threat reconnaissance.
  • 3+ years passionate about intelligence and threat hunting, operationalizing IOCs and TTPs at a global enterprise scale.
  • Experience working alongside global enterprise organizations and collaborating across distributed teams.
  • Direct experience running Threat Intelligence Platforms (MISP, Threat Connect, Anomali) and STIX/TAXII 2.1 data ingestion and export.
Required Skills
  • Familiar with network security architecture concepts, including topology, protocols, components, and defense‑in‑depth principles.
  • Ability to work effectively with minimal oversight in a fast‑paced, fluid environment while prioritizing tasks efficiently.
  • Strong team‑player mentality with willingness to collaborate across a distributed team and multiple departments.
  • Proficient in MITRE ATT&CK (Enterprise), investigative hunt methods, and writing threat hunting queries across platforms to build detections and playbooks.
  • Hands‑on experience with SIEM, XDR, EDR, integrating threat intelligence feeds, and proficiency in DLP, UEBA, UAM for detecting internal risks while collaborating with HR, Legal, and IR.
  • Experienced in OSINT and dark‑web investigations,…
Position Requirements
10+ Years work experience