Senior Cybersecurity Engineer, External Application & API Security

About The Company

McDonald's Corporation, one of the world's largest employers with operations in over 100 countries, has a significant global office in Hyderabad, India. This office serves as a dynamic hub for innovation, expanding McDonald's global talent base and enhancing in-house expertise. Professionals across business, technology, analytics, and artificial intelligence collaborate here to deliver impactful solutions globally. McDonald's commitment to excellence, innovation, and sustainability drives a diverse and inclusive work environment, fostering talent growth to serve quality food and memorable experiences.

About The Role

We are actively seeking a highly skilled and motivated Senior Cybersecurity Engineer, External Application & API Security to join our Global Technology team in India. In this critical role, you will act as a technical leader, responsible for fortifying McDonald's external web and API surfaces, encompassing web, mobile, and partner integrations. Your primary focus will involve managing and enhancing our Akamai-based security platform, which includes Web Application Firewall (WAF), bot management, DDoS mitigation, CDN, and API security. You will collaborate extensively with product teams, developers, and cloud infrastructure teams to integrate robust security measures into CI/CD pipelines and DevSecOps workflows. This position offers an exceptional opportunity to contribute to the security posture of a global brand while working with cutting-edge technologies in a dynamic environment.

Qualifications

The ideal candidate will demonstrate a strong educational foundation and pertinent industry experience, including:

• A bachelor's degree in computer science, engineering, information technology, or an equivalent field.
• Hands-on experience with large-scale, high-availability platforms like CDN, edge computing, or cloud environments, emphasizing performance and latency optimization.
• Proficiency in Akamai APIs, infrastructure-as-code tools such as Terraform, and automation frameworks including Python or Bash scripting.
• Comprehensive knowledge of security standards and practices, including OWASP Top 10, API security, bot mitigation, and DDoS protection.
• Experience with SIEM/SOAR tools and log analysis for security event monitoring and incident response.
• Industry certifications such as CISSP, CCSP, GIAC, or Akamai certifications are highly desirable.
• Familiarity with Agile methodologies and practical experience integrating security into DevSecOps practices.

Responsibilities

The Senior Cybersecurity Engineer, External Application & API Security will undertake a broad spectrum of technical and leadership responsibilities, such as:

• Leading the onboarding of new web and API workloads onto the Akamai platform, from initial discovery and architecture review to staging, validation, and production deployment.
• Designing and tuning security policies to defend against threats like OWASP Top 10 vulnerabilities, API abuse, malicious bots, and DDoS attacks, ensuring optimal performance and user experience.
• Developing reusable configuration patterns, templates, and reference architectures for diverse application types, including marketing sites, e-commerce platforms, APIs, and partner integrations.
• Efficiently managing configurations at scale using Akamai APIs, automation tools, and infrastructure-as-code practices.
• Leading incident response for security events related to WAF, API, and bot activity, including containment, policy tuning, and long-term solution implementation.
• Analyzing logs and attack patterns to identify threats, false positives, and evasion techniques, continually refining security policies.
• Collaborating with security operations, threat intelligence, and product teams to integrate emerging threats into security policies and rulesets.
• Partnering with development teams to embed security checks within CI/CD pipelines, automating policy promotion and validation.
• Creating internal tools and scripts to streamline workflows such as bulk configuration updates, policy cloning, and compliance checks.
• Monitoring platform health, security metrics, and incident metrics, presenting findings to leadership, and driving continuous improvement.
• Mentoring junior engineers and analysts, offering guidance on investigations, change management, and documentation standards.
• Leading operational governance forums to review security posture, tuning backlog, and upcoming enhancements, ensuring adherence to best practices.

Benefits

McDonald's provides a comprehensive benefits package focused on employee health, well-being, and professional growth. Employees receive competitive salaries, health insurance, and wellness programs. Opportunities for continuous learning, training, certifications, and career advancement are also provided. The inclusive work environment promotes diversity and equal opportunity. Additional benefits include flexible work arrangements, employee assistance programs, and recognition initiatives. McDonald's is dedicated to fostering a positive and engaging workplace where employees can thrive and make a meaningful impact.

Key skills/competency

• Akamai Security Platform
• Web Application Firewall WAF
• API Security
• Bot Management
• DDoS Mitigation
• DevSecOps
• OWASP Top 10
• Infrastructure-as-Code Terraform
• Python Scripting
• Incident Response