About McDonald’s: One of the world’s largest employers with locations in more than 100 countries, McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.Engineer, External Application & API Security – E-WAAP Global Grade: G3 Office Location: India Part Time / Full-Time: Full TimeCompany Description: McDonald’s new growth strategy, Accelerating the Arches, is built on our ambition to Double Down on the 3Ds: Delivery, Digital, and Drive-Thru. Technology is at the center of this strategy, enabling 65M+ customers each day to enjoy fast, easy, and secure experiences across web, mobile, and restaurant channels. The Global Technology organization designs, builds, and operates the platforms behind our global omni-channel experience. Within Global Technology, Global Cybersecurity Services (GCS) protects McDonald’s customers, crew, and brand by securing our digital ecosystem end-to-end. The External Web Application and API Protection (E-WAAP) team is responsible for securing McDonald’s external web and API surfaces across web, mobile, and partner integrations using Akamai’s edge security platform (WAF, bot management, DDoS, CDN, and API security).Job Description: The Engineer, Application & API Security is a hands-on member of the E-WAAP team responsible for implementing and operating Akamai security configurations for McDonald’s web and API workloads. You will work closely with senior engineers, developers, and product teams to: Onboard new applications and APIs to Akamai. Configure and validate WAF / CDN / bot policies in staging and production. Support incident investigations, tuning, and change management. This role is ideal for someone who enjoys hands-on engineering at the edge, wants to grow towards technical leadership, and thrives in a global, highly collaborative environment.Responsibilities & Accountabilities: Implementation & Operations: Execute onboarding of new web and API services onto Akamai, following E-WAAP intake, design, and implementation standards. Implement and maintain WAF, caching, origin, routing, and bot rules in Akamai based on designs from Senior Engineers and architects. Perform staging and production validations, including functional checks, logging verification, performance assessment, and rollback readiness. Support DDoS and high-traffic event preparations (e.g., promotions, product launches) by validating rules, load behavior, and monitoring dashboards.Security monitoring & tuning: Monitor Akamai, WAF, and API security dashboards for anomalies, attacks, or performance regressions; escalate and investigate as needed. Analyze WAF logs to identify blocked attacks, false positives, and potential misconfigurations; propose tuning changes to Senior Engineers. Apply approved changes to security rulesets, rate limits, bot categories, and exceptions in a controlled manner with proper documentation.Dev & Automation: Use scripts and automation (e.g., Python, shell, Akamai CLI / API) to perform bulk changes, configuration comparisons, and standardization tasks. Contribute to internal tooling to simplify configuration deployments, environment promotions, and validation. Support integration of Akamai checks and validations into CI/CD pipelines in partnership with development and platform teams.Collaboration, Documentation & Process: Work directly with application and product teams to understand requirements, explain security behaviors, and troubleshoot issues. Maintain detailed runbooks, implementation guides, and operational SOPs in Confluence; keep Jira / ServiceNow records accurate and up to date. Participate in Agile ceremonies (stand-ups, sprint planning, retrospectives) as part of the E-WAAP product team.Qualifications: Basic Qualifications: Bachelor’s degree in computer science, Engineering, Information Technology, or equivalent experience. 2–5 years of relevant experience in security engineering, network engineering, SRE, or application support. Practical experience of 4-5 years with at least one WAF / CDN platform (Akamai preferred, or equivalent like Cloudflare, F5, etc.). Understanding of HTTP, TLS, DNS, CDN, SDK concepts, and basic web development (HTML, JavaScript, APIs). Knowledge of Agile software development process including application of Agile techniques and delivery practices. Familiarity with SIEM / SOAR tools and log analysis for WAF and CDN events. Industry certifications in security or cloud (e.g., CISSP, CCSP, GIAC, cloud provider security certifications).Additional Information: McDonald’s is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contact recruiting.supportteam@ McDonald’s provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training. Nothing in this job posting or description should be construed as an offer or guarantee of employment.
Job Title
Cyber Security II [T500-23512]