Sr Manager, Offensive Security

Job Description:

Company Description:

McDonald's growth strategy, Accelerating the Arches, encompasses all aspects of our business as the leading global omni-channel restaurant brand. As the consumer landscape shifts we are using our competitive advantages to further strengthen our brand. One of our core growth strategies is to Double Down on the 3Ds (Delivery, Digital and Drive Thru). McDonald's will accelerate technology innovation so 65M+ customers a day will experience a fast, easy experience, whether at one of our 25,000 and growing Drive thrus, through McDelivery, dine-in or takeaway.

McDonald's Global Technology is here to power tomorrow's feel-good moments.

That's why you'll find us at the forefront of transformative technology, exploring new and innovative ways to serve our millions of customers and spread happiness one delicious Hot Fudge Sundae-dipped fry at a time. Using AI, robotics and emerging tech, we're digitizing the Golden Arches. Combine that with our unparalleled global scale, and we're reshaping all areas of the business, industry and every community that is home to a McDonald's restaurant. We face complex tech challenges every day. But that's where our diverse and talented teams come in. They're made up of the best and brightest from all over the globe, and they thrive in the space where feel-good meets fast-paced.

Check out the McDonald's  Global Technology Technical Blog to learn how technology and our global team are directly enabling the Accelerating the Arches strategy.

Department Overview

As Senior Manager, Offensive Security, you will lead a global team of penetration testers and red team operators responsible for proactively identifying, validating, and communicating real-world security risks across McDonalds enterprise. Reporting directly to the Director, Threat Operations & Offensive Security, you are the primary people leader on the offensive security side of the organization - managing all individual contributors across the United States and United Kingdom.

This role is both strategic and deeply technical. You will own the day-to-day operations of offensive security services while simultaneously bridging the gap between highly technical hackers and senior executive leadership. You will be responsible for assessment planning and scheduling, stakeholder and customer relationship management, operational delivery, and communicating risk-based outcomes to audiences ranging from engineering teams to the CIO and CISO.

You will partner closely with Incident Response, Detection Engineering, Security Operations (GSOC), Threat Operations, and Technology Risk partners to execute Purple Team exercises and cross-domain engagements that continuously strengthen McDonalds detection and response capabilities. This role sits within Global Cyber Security (GCS), the organization responsible for securing McDonalds information assets at a global level and ensuring our leadership makes informed, risk-based decisions.

Responsibilities

Operational Leadership & Service Delivery

• Own day-to-day operations of McDonalds Offensive Security program, including intake management, assessment scheduling, scoping, rules of engagement, execution oversight, and reporting
• Manage complex, concurrent testing engagements across cloud, network, infrastructure, hardware, application, mobile, and SaaS environments
• Serve as the primary customer-facing point of contact for internal stakeholders

Red Team & Adversary Emulation

• Plan and execute Red Team operations, adversary simulations, and adversary emulation exercises informed by real-world threat intelligence and the MITRE ATT&CK framework
• Design and lead custom Cyber Defense Exercises (CDX), tabletop simulations, social engineering campaigns, and physical security assessments

Executive Communication & Metrics

• Translate complex technical findings into actionable, risk-ranked business impact assessments for executive leadership, including CIO and CISO audiences
• Develop, measure, and track metrics and KPIs to assess the performance, effectiveness, and business value of offensive security operations
• Produce high-quality technical reports, executive summaries, findings documentation, and remediation recommendations

People Leadership & Team Development

• Serve as the people leader for all offensive security individual contributors (penetration testers, red team operators, offensive security analysts) across the US and UK
• Provide hands-on technical guidance and mentorship - able to work side-by-side with the team on complex assessments while coaching junior and senior analysts alike

Strategy & Program Development

• Support the Director in defining and executing the offensive security strategy, roadmap, and program objectives aligned to enterprise risk priorities
• Collaborate cross-functionally with diferent teams to ensure offensive findings feed into unified remediation pipelines

Qualifications

• 8+ years of experience in offensive security, penetration testing, red teaming, or ethical hacking
• 4+ years of direct people leadership experience managing technical cybersecurity teams
• 3+ years of experience managing complex, global projects and initiatives across multiple regions
• Expert-level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and MITRE ATT&CK framework
• Extensive hands-on experience across multiple testing disciplines: application, cloud, network, infrastructure, hardware, and mobile penetration testing
• Demonstrated ability to lead teams through all stages of a cyber-attack lifecycle (reconnaissance, scanning, enumeration, gaining access, privilege escalation, maintaining access, network exploitation, and covering tracks)
• Qualified to mentor analysts in examining system and application security threats and vulnerabilities (e.g., buffer overflow, cross-site scripting, SQL injection, race conditions, return-oriented attacks, malicious code)
• Proven ability to operate with minimal oversight, make quick and effective decisions, and navigate ambiguity in fast-paced, deadline-driven environments
• Mastery of commercial and open-source offensive security tools and frameworks

Desired Skills

• Professional certifications such as OSCP, OSCE3, GXPN, GCPN, GCDA, GPEN, GWAPT, CRTO, CEH, or equivalent
• Expert understanding of cloud security architectures (Azure, AWS, GCP) and modern application/API security testing
• Experience with C2 frameworks (e.g., Cobalt Strike, Mythic, Sliver), BAS platforms (e.g., SafeBreach), and EASM tools
• Experience managing vulnerability disclosure programs (VDP), bug bounty programs, or coordinated disclosure processes
• Strong understanding of SIEM/SOAR platforms, detection engineering workflows, and how offensive findings integrate with defensive operations
• Experience managing MSSP relationships, vendor SOWs, and hybrid delivery models for offensive security services

Compensation

Bonus Eligible: YES

Long - Term Incentive: YES

Benefits Eligible: YES

Salary Range

The expected salary range for this role is $167,366.00 - $209,207.00 per year

The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.

Additional Information:

Benefits eligible: This position offers health and welfare benefits, including but not limited to comprehensive health insurance, which includes medical, prescription drug, mental health, dental and vision coverage, as well as, life insurance.

Bonus eligible: This position is eligible for a bonus, calculated based on individual and company performance.

Long term Incentive eligible: This position is eligible for stock or other equity grants pursuant to McDonald's long-term incentive plan.

McDonald's is an equal opportunity employer committed to the diversity of our workforce. We promote an inclusive work environment that creates feel-good moments for everyone. McDonald's provides reasonable accommodations to qualified individuals with disabilities as part of the application or hiring process or to perform the essential functions of their job. If you need assistance accessing or reading this job posting or otherwise feel you need an accommodation during the application or hiring process, please contact mcdhrbenefits@us.mcd.com. Reasonable accommodations will be determined on a case-by-case basis.

McDonald's provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.