Director, Cyber Defense (Incident Response)

McDonald's

  • London
  • Permanent
  • Full-time
  • 3 hours ago
Company Description

McDonald's evolving Accelerating the Arches growth strategy puts our customers and people first and leverages our competitive advantages to strengthen our brand. We are recognized on lists like Fortune's Most Admired Companies and Fast Company's Most Innovative Companies.

Doubling Down on the 4Ds (Delivery, Digital, Drive Thru, and Development)
Our growth pillars emphasize the important role technology plays as the leading, global omni-channel restaurant brand. Technology enables the organization through digital technology and by improving the customer, crew, and employee experience each and every day.

Global Technology forging the way
Leading the digitization of our business is the Technology organization, made up of intrapreneurs who build industry-defining tech using the latest innovations and platforms, like AI and edge computing, to deliver on the next set of cutting-edge opportunities for the business. At McDonald's you get to solve technology innovation challenges at an incredible scale, and work across global teams who are always hungry for a challenge. This provides access to exciting career paths for technologists. It's bonus points when you get to see your family and friends use the tech you build at their favourite McD restaurant.

Job Description

The Director of Incident Response is the senior technical authority for McDonald's global cybersecurity incidents. This role leads response to the most critical events while shaping the enterprise's long-term incident response strategy.

You will design and evolve scalable frameworks that combine detection engineering, forensics, threat intelligence, and automation to strengthen resilience. Beyond containment and recovery, you'll translate emerging threats into proactive defense strategies and advise executives during crises.

Collaboration is key, working with Threat Operations, Penetration Testing, Detection Engineering, and business collaborators to improve enterprise-wide readiness. You'll also mentor security analysts, sharing technical expertise and building the next generation of responders.

This role requires demonstrated expertise in intricate investigations, good judgment in fast-paced circumstances, and the ability to have impact across a global, matrixed environment. It is a pinnacle technical position within the Detection & Response program, offering broad impact without direct people management responsibilities.

Responsibilities & Accountabilities
  • Serve as the lead responder and technical authority for global crisis-level cybersecurity incidents, coordinating across executive, legal, and operational teams.
  • Architect and optimize detection and containment strategies that align to business operations and risk tolerance.
  • Develop detection logic, automation workflows, and forensic capabilities to accelerate MTTD and MTTR across distributed environments.
  • Author and present high-impact executive-level incident reports and technical debriefs.
  • Lead efforts to harden enterprise resilience by embedding lessons learned from incidents into architecture, policies, and controls.
  • Champion training, mentoring, and upskilling of existing team members by building structured career pathways, facilitating cross-team knowledge sharing, and guiding analysts toward advanced technical and leadership roles.
The ideal candidate for this role is a recognised subject matter authority in incident response with a demonstrated ability to lead complex, enterprise-wide security investigations. You bring deep technical expertise, critical thinking, and operational excellence to the table. You are fluent in modern adversary tradecraft, and your insights directly influence global cyber defense strategy.

Experience required:
  • Proven expertise in conducting and directing advanced investigations involving APTs, insider threats, malware outbreaks, and zero-day exploitation across hybrid environments (on-premise/cloud).
  • Proficiency in core security fields such as digital forensics (host and memory), malware reverse engineering, adversary simulation, and advanced threat detection.
  • Outstanding communication and storytelling skills, capable of distilling intricate technical situations for senior, legal, and business management.
  • Experience leading cross-functional incident post mortems, driving remediation roadmaps, and advancing organizational readiness through simulations, playbooks, and table top exercises.
  • Ability to drive continuous improvement by evaluating emerging technologies, evolving adversary tactics, and integrating new intelligence into response playbooks.
Desired Skills:
  • Advanced security certifications such as CISSP, OSCE, GCFA, GNFA, GREM, or GCTI.
  • Experience architecting scalable IR capabilities or transforming incident response programs across large, globally distributed enterprises.
  • Strong understanding of legal and regulatory requirements surrounding data breach handling, eDiscovery, and evidence preservation (e.g., GDPR, PCI-DSS, CCPA).
  • Fluency in threat intelligence integration and proactive threat hunting workflows across multiple telemetry sources.
  • Experience supporting executive-level briefings during high-profile or media-sensitive incidents.
  • Prior involvement in red/blue/purple team partnership or adversary emulation planning.
  • Experience building, mentoring, and scaling high-performing security teams, with a focus on knowledge transfer and professional development.
  • Familiarity with cloud-native security architectures (AWS, Azure, GCP) and incident response in containerized or serverless environments.
Qualifications
  • Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related discipline, or equivalent hands-on experience in critical environments.
  • Significant experience in cybersecurity in senior-level incident response roles, including crisis-level incident handling and enterprise forensics.
Additional Information

At McDonald's we are People from all Walks of Life...
People are at the heart of everything we do, and they make the McDonald's experience. We embrace diversity and are committed to creating an inclusive culture that means people can be their best authentic self in our restaurants and offices, which helps us to better serve our customers. We have a strong heritage of diversity and representation within our communities, which we are proud of. The diversity of our people, customers, Franchisees and suppliers gives us strength.

We do not tolerate inequality, injustice or discrimination of any kind. These are hugely important issues and a brand with our reach and relevance means we have a very meaningful role to play.

We also recognise our responsibility as a large employer to continue being active in our communities, helping to develop skills and drive aspirations that will help people to be more aware of the world of work and more successful within it, whether with McDonald's or elsewhere.
