Analyst, Application Security [T500-23514]

About McDonald’s:

One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.

Analyst, External Application & API Security – E-WAAP

• Global Grade: G3
• Office Location: India
• Part Time / Full-Time: Full Time

Company Description:

McDonald’s new growth strategy, Accelerating the Arches, is built on our ambition to Double Down on the 3Ds: Delivery, Digital, and Drive-Thru. Technology is at the center of this strategy, enabling 65M+ customers each day to enjoy fast, easy, and secure experiences across web, mobile, and restaurant channels.

The Global Technology organization designs, builds, and operates the platforms behind our global omni-channel experience. Within Global Technology, Global Cybersecurity Services (GCS) protects McDonald’s customers, crew, and brand by securing our digital ecosystem end-to-end.

The External Web Application and API Protection (E-WAAP) team is responsible for securing McDonald’s external web and API surfaces across web, mobile, and partner integrations using Akamai’s edge security platform (WAF, bot management, DDoS, CDN, and API security).

Job Description:

The Analyst, Application & API Security role is an entry-to-early-career position on the E-WAAP team. As an Analyst, you focus on monitoring, initial triage, staging validation, and operational support for Akamai security configurations, working closely with Engineers and Senior Engineers.

This role is a strong starting point for a career in application security, platform engineering, or cloud security.

Responsibilities & Accountabilities:

Monitoring & first-line triage:

• Monitor Akamai dashboards (Grafana), alerts, and logs for unusual traffic, errors, or performance issues impacting web or API properties.
• Perform first-line triage on alerts and tickets, gather context (affected application, timeframe, changes), and escalate to Engineers with clear summaries.
• Track incidents, changes, and requests in ServiceNow / Jira and ensure work items are correctly categorized and updated.

Staging & Validation:

• Support staging configuration reviews by validating that URLs, headers, origins, and basic WAF / route behavior match expectations.
• Execute standard validation playbooks (e.g., test paths, error scenarios, status codes) and document results for Engineers.
• Assist with post-change and post-deployment validations in production to confirm no negative user impact.

Data Analysis & Reporting:

• Collect and organize metrics related to WAF activity, attack trends, false positives, performance, and coverage; help prepare recurring reports.
• Perform basic log analysis using dashboards, queries, and filters to highlight spikes, notable patterns, or anomalies.

Documentation & Process:

• Maintain and update Confluence pages, runbooks, and SOPs for common tasks (validation steps, intake requirements, escalation paths).
• Help improve onboarding and intake templates used by application teams when requesting E-WAAP services.
• Participate in Agile ceremonies to stay aligned on priorities and upcoming work, capturing action items and updating tickets.

Qualifications:

Basic Qualifications:

• Bachelor’s degree in computer science, Information Technology, Engineering, or equivalent practical experience.
• 2-5 years of relevant experience in IT operations, support, security, or a related internship / apprenticeship.
• Basic understanding of Linux or cloud environments and basic scripting (Python, Bash, PowerShell, or similar).
• Basic Understanding of HTTP, TLS, DNS, CDN, SDK concepts, and basic web development (HTML, JavaScript, APIs).
• Basic understanding of web technologies (HTTP, browsers, simple web application behavior) and an interest in security.
• Comfort working with dashboards, logs, and ticketing tools (e.g., ServiceNow, Jira).
• Strong attention to detail, curiosity to learn, and willingness to follow structured processes and documentation.

Preferred Qualifications:

• Exposure to any WAF / CDN platform (Akamai, Cloudflare, F5, etc.) through coursework, labs, internships, or self-learning.
• Experience using collaboration tools (Confluence, Jira, Teams) in a team environment.

Additional Information:

McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@us.mcd.com

McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.

Nothing in this job posting or description should be construed as an offer or guarantee of employment.