Department Overview McDonald’s is seeking a Sr Analyst – Application Security to lead secure coding practices efforts and ensure secure applications are being developed across the enterprise. This role expands beyond standard analyst responsibilities by providing leadership in prioritization, advanced testing, and reporting, while mentoring junior analysts and coordinating remediation activities. The Sr Analyst will also engage with internal customers to provide strategic guidance on security findings and ensure timely resolution. This position emphasizes comprehensive reporting, oversight of code reviews for security issues, and execution of advanced testing activities to validate application security posture. Duties Application Security Program Development - Design, implement, and maintain application security processes aligned with organizational standards and industry best practices. Lead Vulnerability Management - Oversee monitoring, tracking, and management of application security vulnerabilities across multiple platforms; evaluate risk and prioritize remediation efforts based on severity, business impact, and compliance requirements; work closely with developers, product teams, and cybersecurity stakeholders to communicate findings and drive remediation; support and mentor junior analysts in vulnerability management and testing best practices. Advanced Scan & Test - Execute and validate SAST/DAST scans, perform manual penetration testing, and oversee complex testing scenarios; guide and participate in code reviews to identify security vulnerabilities and enforce secure coding standards. Customer Engagement - Act as a primary point of contact for internal teams, providing strategic guidance and actionable recommendations; recommend process enhancements and automation opportunities to improve vulnerability management and testing efficiency. Qualifications Education: Bachelor’s degree in computer science, Cybersecurity, or related field (or equivalent experience). Experience: 4+ years in application security, vulnerability management, or related cybersecurity roles; hands‑on experience with application penetration testing methodologies and tools; proficiency with SAST and DAST tools; strong understanding of secure coding practices and common vulnerabilities (OWASP Top 10). Skills: Familiarity with CI/CD pipelines and operating security tools; excellent problem‑solving, strong analytical and communication skills; ability to work collaboratively across technical and business teams. Preferred Qualifications: Experience with container security and cloud‑native application security; certifications such as OSCP, CEH, Security+. #J-18808-Ljbffr