Analyst – Penetration Testing
| Company | McDonald’s |
|---|---|
| Location | Chicago, IL, USA |
| Salary | $98140 – $125130 |
| Type | Full-Time |
| Degrees | |
| Experience Level | Entry Level/New Grad, Junior |
Requirements
- Exposure to penetration testing tools and techniques (e.g., nmap, Burp Suite, Impacket Suite, Bloodhound, situational awareness, etc.)
- Excellent written and verbal communication/presentation skills to describe assessment details and technical analysis.
- Proficiency in leading multiple concurrent workstreams and competing priorities.
- Work within a global/multinational enterprise with flexible schedule accommodations for meetings, engagements, and operations.
- Experience with technical writing and demonstrating various creative communication mechanisms to diverse audiences.
- Understand the purpose and utilization of frameworks such as MITRE ATT&CK and the Cyber Kill Chain.
Responsibilities
- Assist in the identification of vulnerabilities and exposures within enterprise networks, systems, and applications through guided offensive security engagements.
- Contribute to preparing technical documents, reports, and summaries from analyses to provide situational awareness to partners.
- Support the exploitation of embedded systems, web and mobile apps, cloud platforms, and office and restaurant networks.
- Regularly update management and partners on the progress of projects, ensuring timely and effective communication.
Preferred Qualifications
- Bachelor’s degree or equivalent experience in offensive/defensive cybersecurity roles.
- Professional credentials such as OSCP, OSCE, OSEP, OSWE, GWAPT, GPEN, GXPN, GRTP, CRTO, PNPT, or comparable credentials.
- Knowledge of networking and web protocols (e.g., TCP/UDP, SSL/TLS, Wi-Fi protocols, routing, HTTP/S, REST/SOAP APIs, etc.).
- Knowledge of Windows/Active Directory/Linux systems administration and attack surface.
- Proficiency with programming and scripting. (Python, Powershell, Go, C, C++, C#, Javascript, etc.).
- Ability to lead multiple concurrent workstreams and competing priorities.
- Exposure to global/multinational enterprises with flexible schedule accommodations for meetings, engagements, and operations.
- Proficient in applying commercial and open-source offensive security tools like C2, BAS, and EASM.
- Exposure to leading/using enterprise defensive security services such as EDR, SIEM, Email Gateway, and SOAR.