Cybersecurity Engineer III

McDonald's View all jobs

  • Hyderabad, Telangana
  • Permanent
  • Full-time
  • 1 day ago
  • Apply easily
About McDonalds in IndiaOne of the world’s largest employers with locations in more than 100 countries McDonald’s Corporation has corporate opportunities in Hyderabad. Our global offices serve as dynamic innovation and operations hubs, designed to expand McDonald's global talent base and in-house expertise. Our new office in Hyderabad will bring together knowledge across business, technology, analytics, and AI, accelerating our ability to deliver impactful solutions for the business and our customers across the globe.Job DescriptionSenior Engineer, External Application & API Security E-WAAP
  • Global Grade: G4
  • Office Location: India
  • Part Time / Full-Time: Full Time
Company Description:McDonalds new growth strategy, Accelerating the Arches, is built on our ambition to Double Down on the 3Ds: Delivery, Digital, and Drive-Thru. Technology is at the center of this strategy, enabling 65M+ customers each day to enjoy fast, easy, and secure experiences across web, mobile, and restaurant channels.The Global Technology organization designs, builds, and operates the platforms behind our global omni-channel experience. Within Global Technology, Global Cybersecurity Services (GCS) protects McDonalds customers, crew, and brand by securing our digital ecosystem end-to-end.The External Web Application and API Protection (E-WAAP) team is responsible for securing McDonalds external web and API surfaces across web, mobile, and partner integrations using Akamais edge security platform (WAF, bot management, DDoS, CDN, and API security).Job Description:The Senior Engineer, Application & API Security is a key member of the E-WAAP team and serves as a technical lead for our Akamai-based web and API security platform. You will:
  • Lead onboarding of new applications and APIs onto Akamai (WAF, CDN, bot, and API security capabilities).
  • Design and tune security policies to protect against OWASP Top 10, API abuse, bots, and DDoS while preserving performance and user experience.
  • Partner with product teams, developers, and cloud teams to embed E-WAAP into CI/CD and DevSecOps workflows.
This role reports into the G5 Manager, Application & API Security (E-WAAP) and will provide coaching and technical direction to G3 Engineers and G2 / G3 Analysts as we in-source capabilities from our managed services provider.Responsibilities & Accountabilities:Platform engineering & design:
  • Lead the onboarding of new web and API workloads to Akamai, from discovery and architecture review to staging, validation, and production cutover.
  • Design and implement WAF, bot management, DDoS, and rate-limiting policies tailored to application risk profiles and business requirements.
  • Build reusable configuration patterns, templates, and reference architectures for common McDonalds application types (e.g., marketing sites, e-commerce, APIs, partner integrations).
  • Use Akamai APIs, automation frameworks, and infrastructure-as-code (e.g., Terraform, Python, CI/CD pipelines) to manage configurations at scale.
Security operations & tuning:
  • Lead incident triage and investigations for WAF, API, and bot-related events; coordinate containment, tuning, and long-term fixes.
  • Analyze WAF and CDN logs to identify attacks, false positives, and evasion attempts; refine policies, exception sets, and custom rules.
  • Collaborate with Security Operations, Threat Intelligence, and product security teams to map emerging threats into new or updated rulesets.
  • Drive continuous improvement in detection quality, block rates, and false-positive reduction while maintaining performance SLAs.
Dev & automation focus:
  • Partner with developers to integrate Akamai security checks into CI/CD (e.g., automated policy promotions, pre-prod validation jobs, automated regression checks).
  • Develop internal tools and scripts (Python, Bash, TypeScript, etc.) to streamline common workflows (policy cloning, bulk updates, configuration linting).
  • Provide technical requirements and guidance into product roadmaps for observability, logging, and security analytics.
Governance, metrics, and leadership:
  • Own platform health and risk metrics (coverage, rule adoption, false positives, incident volume, MTTR) and present them regularly to leadership and stakeholders.
  • Lead operational governance forums with product teams to review posture, tuning backlog, and upcoming changes.
  • Mentor and coach G3 Engineers and Analysts; provide guidance on investigations, change reviews, and documentation.
  • Contribute to and lead updates of SOPs, intake processes, runbooks, and standards for Akamai and E-WAAP.
Qualifications:Basic Qualifications:
  • Bachelors degree in computer science, Engineering, Information Technology, or equivalent experience.
  • Knowledge of Agile software development process including application of Agile techniques and delivery practices and promoting adoption of Agile methodologies to secure outcome-driven mindset in product teams.
  • Experience working with large-scale, global, high-availability platforms (CDN, edge, or cloud) where performance and latency are critical.
  • Prior experience with Akamai APIs, NoName, WallArm, Terraform, or other infrastructure-as-code tools for managing Akamai configurations at scale.
  • Familiarity with SIEM / SOAR tools and log analysis for WAF and CDN events.
  • Industry certifications in security or cloud (e.g., CISSP, CCSP, GIAC, cloud provider security certifications, Akamai Certification / training).
Additional Information:McDonalds is committed to providing qualified individuals with reasonable accommodations to perform the essential functions of their jobs. Additionally, if you (or another applicant of whom you are aware) require assistance accessing or reading this job posting or otherwise seek assistance in the application process, please contactMcDonalds provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to sex, sex stereotyping, pregnancy (including pregnancy, childbirth, and medical conditions related to pregnancy, childbirth, or breastfeeding), race, color, religion, ancestry or national origin, age, disability status, medical condition, marital status, sexual orientation, gender, gender identity, gender expression, transgender status, protected military or veteran status, citizenship status, genetic information, or any other characteristic protected by federal, state or local laws. This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation, and training.Nothing in this job posting or description should be construed as an offer or guarantee of employment.

McDonald's

Similar Jobs

  • Security Engineer

    Costco

    • Hyderabad, Telangana
    Job Description About Costco Wholesale: Costco Wholesale is a multi-billion-dollar global retailer with warehouse club operations in eleven countries. They provide a wide selec…
    • 10 days ago
    • Apply easily

  • Sr Engineer, Cybersecurity

    TMUS Global Solutions

    • Hyderabad, Telangana
    About TMUS Global Solutions T-Mobile is America’s supercharged Un-carrier, challenging conventions and setting new standards in wireless. With the nation’s largest and fastest 5G…
    • 18 days ago
    • Apply easily

  • Lead Cybersecurity Engineer

    Providence India

    • Hyderabad, Telangana
    Cybersecurity at Providence is responsible for appropriately protecting information related to caregivers and affiliates, as well as safeguarding confidential business and patient …
    • 3 days ago