Sr Manager Application Security

The Sr Manager – Application Security will lead the global application security program, combining strategic leadership with technical depth. This role oversees engineering and analyst teams to design, build, and optimize security solutions, manage vulnerabilities, and embed security into the software development lifecycle. The Sr Manager will champion DevSecOps adoption, oversee secure architecture design, and drive automation while providing leadership in prioritization, reporting, and remediation coordination.

McDonald’s is investing heavily in technology to drive our growth. We’re looking at how to use technology to improve customer experience and build new customer experiences. We’re also exploring technologies that can help us reduce or eliminate repetitive tasks and make employees’ jobs ultimately exciting. With all the new projects and initiatives, it is a dynamic era in our cybersecurity growth, helping to make a safer and Better McDonald's!

The Sr Manager – Application Security will play a strategic role in implementing and optimizing application security controls across the organization. This position requires strong technical expertise, leadership skills, and the ability to influence across development, product, and cybersecurity teams globally.

Responsibilities & Accountabilities:

• Program Leadership: Define and execute the global application security strategy, aligning with organizational goals and industry best practices.
• Engineering Oversight: Direct the build, configuration, and optimization of security tools (SAST, DAST, IAST, RASP, SCA), CI/CD integration, and automation frameworks.
• Architecture & Data Flows: Establish secure architecture patterns and data flow models for applications and APIs.
• Vulnerability Management: Oversee vulnerability identification, prioritization, and remediation across platforms.
• Testing & Validation: Ensure execution of advanced penetration testing, code reviews, and automated security checks.
• Reporting & Metrics: Deliver executive-level dashboards and reports on application security posture and risk trends.
• Collaboration: Partner with global technology teams, product owners, and business stakeholders to embed security into development processes.
• Team Leadership: Manage and mentor engineers and analysts, fostering a culture of continuous improvement and technical excellence.
• Continuous Improvement: Identify opportunities for process automation, tool enhancement, and emerging security practices.