Engineer II Application Security

McDonalds is seeking an Engineer II Application Security to join our cybersecurity team and take ownership of building and optimizing application security solutions. This role is deeply technical and focuses on building configuring and optimizing security tools and frameworks automating security testing and designing secure data flows across applications and services. This position emphasizes hands-on development automation and integration of security into the software development lifecycle.

McDonalds is investing heavily in technology to drive our growth. Were looking at how to use technology to improve customer experience and build new customer experiences. Were also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees jobs ultimately exciting. With all the new projects and initiatives it is a dynamic era in our cybersecurity growth helping to make a safer and Better McDonalds!

The Engineer II Application Security will play a hands-on role in implementing and optimizing application security controls across the organization. This position will focus on integrating security into the software development lifecycle. The role requires close collaboration with developers architects and DevOps teams to integrate security controls into CI/CD pipelines develop automation scripts and verify security measures at scale.

Responsibilities & Accountabilities:

• Application Security Program Development:
  - Design implement and maintain application security processes aligned with organizational standards and industry best practices.
• Secure Development Lifecycle (SDLC):
  Integrate security controls and testing into the SDLC ensuring security is embedded from design through deployment.
• SAST/DAST Tooling:
  Manage and optimize Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST) tools. Continuously improve security workflows reduce false positives and enhance developer experience.
• Collaboration:
  Partner with DevOps engineers developers architects and product teams to provide guidance on Implementing security gates and automated checks within CI/CD pipelines.
• Continuous Improvement:
  Stay current with emerging threats tools and techniques; recommend enhancements to security processes and technologies.

Qualifications :

• Education:
  • Bachelors degree in computer science Cybersecurity or related field (or equivalent experience).
• Experience:
  • 3 years in application security or related cybersecurity roles.
  • Hands-on experience with application penetration testing methodologies and tools.
  • Proficiency with SAST and DAST tools.
  • Experience integrating security tools into CI/CD pipelines
  • Strong understanding of secure coding practices and common vulnerabilities (OWASP Top 10).
• Skills:
  • Familiarity with CI/CD pipelines and integrating security tools.
  • Excellent problem-solving and communication skills.
  • Ability to work collaboratively across technical and business teams.
• Preferred Qualifications
  • Experience with container security and cloud-native application security.
  • Certifications such as OSCP CEH Security.

#LI-Hybrid 

Additional Information :

McDonalds is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process please contact  

McDonalds provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex sex stereotyping pregnancy (including pregnancy childbirth and medical conditions related to pregnancy childbirth or breastfeeding) race color religion ancestry or national origin age disability status medical condition marital status sexual orientation gender gender identity gender expression transgender status protected military or veteran status citizenship status genetic information or any other characteristic protected by federal state or local laws. This policy applies to all terms and conditions of employment including recruiting hiring placement promotion termination layoff recall transfer leaves of absence compensation and training. 

Nothing in this job posting or description should be construed as an offer or guarantee of employment. 

Remote Work :

No

Employment Type :

Full-time