Job Description
Department Overview
The Director, Threat Operations & Offensive Security is responsible for defining, leading, and scaling a global cybersecurity program spanning two critical pillars:
- Threat Operations — Insider Risk, Threat Hunting, and Cyber Threat Exposure Management (CTEM)
- Offensive Security — Red Teaming, Penetration Testing, and Adversary Simulation
This role leads a geographically distributed team across the United States and United Kingdom, sets strategic direction, and ensures all activities translate into measurable risk reduction and enhanced detection/response capabilities for the enterprise. You will partner closely with Incident Response, Detection Engineering, Security Operations (GSOC), Engineering, and Technology Risk stakeholders to drive cross-functional outcomes.
This role balances strategic program leadership, deep technical expertise, and executive communication — reporting to the Sr. Director, Cyber Defense within Global Cyber Security (GCS).
Duties
Strategy & Program Leadership
- Define and execute the global strategy and multi-year roadmap for Threat Operations and Offensive Security programs
- Establish measurable goals, KPIs, and OKRs aligned to enterprise cyber risk reduction
- Drive integration between CTEM, threat hunting, insider risk, detection engineering, and offensive testing to create a unified threat-informed defense model
- Provide executive-level reporting on program outcomes, risk posture, and operational metrics to GCS and Global Technology leadership
Threat Operations
- Insider Risk — Lead the insider threat program to detect, investigate, and mitigate internal threats through behavioral analytics, policy enforcement, and cross-functional partnerships (HR, Legal, Compliance)
- Threat Hunting — Mature proactive threat hunting capabilities to identify advanced persistent threats, anomalous activity, and gaps in detection coverage across the global enterprise
- Cyber Threat Exposure Management (CTEM) — Own the CTEM lifecycle including attack surface visibility, exposure prioritization, vulnerability validation, and remediation tracking in partnership with GRC/TPRM and engineering teams
- Develop playbooks, automation, and operational processes to scale threat operations capabilities
Offensive Security
- Lead penetration testing programs across application, cloud, network, infrastructure, mobile, and SaaS environments
- Plan and execute Red Team and Purple Team operations, breach & attack simulations (BAS), and adversary emulation exercises informed by real-world threat intelligence
- Oversee the Vulnerability Disclosure Program (VDP) and External Attack Surface Management (EASM) validation activities
- Translate offensive findings into prioritized, risk-ranked remediation actions and validate effectiveness of security controls and detection capabilities
- Lead targeted risk assessments and custom exercises (e.g., tabletop simulations, physical security testing, social engineering campaigns)
Leadership & Team Development
- Lead, mentor, and scale a high-performing global team of managers, senior analysts, and technical leads across the US and UK
- Foster a culture of innovation, accountability, continuous improvement, and technical excellence
- Manage capacity planning, headcount budgeting, and resource allocation across multiple towers and regions
- Drive continuous improvement through automation, process maturity, and threat-informed testing
Qualifications
- 10+ years of progressive cybersecurity experience across offensive and defensive domains
- 5+ years of direct leadership experience managing cybersecurity teams, including people managers
- Deep expertise in penetration testing, red teaming, threat hunting, insider risk, and/or CTEM
- Expert-level understanding of adversarial tactics, techniques, and procedures (TTPs), the cyber kill chain, and the MITRE ATT&CK framework
- Extensive experience leading teams that emulate threat activity, with a thorough understanding of the stages of a cyber attack (reconnaissance, scanning, enumeration, gaining access, escalation of privileges, maintaining access, network exploitation, covering tracks)
- Experience leading global, geographically distributed teams and managing large-scale security programs in complex multinational environments
- Strong executive communication and stakeholder management skills with the ability to translate technical risk into business impact for senior leadership and CIO-level audiences
- Proven ability to operate with minimal oversight, make quick and effective decisions, and navigate ambiguity in fast-paced, deadline-driven environments
Desired Skills
- Professional certifications such as OSCP, GXPN, GCDA, GCPN, GCTI, GCIH, CEH, CISM, or equivalent
- Expert understanding of cloud security architectures (Azure, AWS, GCP) and modern application security
- Experience with SIEM/SOAR platforms, detection engineering, and security operations workflows
- Hands-on experience with offensive security tooling and frameworks (e.g., Cobalt Strike, Burp Suite, BloodHound, Metasploit, custom tooling)
- Experience managing vulnerability disclosure programs, bug bounty programs, or coordinated disclosure processes
- Familiarity with insider threat platforms, behavioral analytics, and UEBA solutions
- Strong understanding of exposure management platforms, EASM, and attack surface monitoring tools
- Outstanding technical writing skills and the capability to communicate findings and program outcomes to a wide range of technical and non-technical audiences
- Experience with budgeting, headcount governance, and cross-regional workforce planning
Compensation
Bonus Eligible: YES
Long-Term Incentive: YES
Benefits Eligible: YES
Salary Range
The expected salary range for this role is $195,371.00 - $244,214.00 per year
The above represents the expected salary range for this job requisition. Ultimately, in determining your pay, we may also consider your experience, and other job-related factors.
