Lead Consultant – Cyber SOC Operations

Job Title: Lead Consultant – Cyber SOC Operations

GCL: E

Introduction to role:

Are you ready to lead a high-impact Security Operations Center and defend the expertise behind life-changing medicines? As Lead Consultant – Cyber SOC Operations, you will guide incident response across a sophisticated digital world, safeguarding critical research, manufacturing, and patient-facing systems. Your decisions will reduce risk, maintain continuity, and keep our mission moving at speed.

You will join a collaborative team that blends deep security expertise with data, automation, and AI to outpace evolving threats. From day one, you will turn signals into crucial action, scale playbooks that improve, and mentor analysts to achieve steady, measurable outcomes. You see yourself transforming sophisticated telemetry into clear, business-saving decisions?

Accountabilities:

Incident Investigation: Lead investigations through analysis of logs, endpoint data, and network communication to resolve scope, impact, and next steps, accelerating time to containment and recovery.

Rapid Containment: Orchestrate containment actions such as suspending account access, isolating compromised devices, and blocking IPs to stop attacker movement and protect high-value assets.

Severity-based Issue: Apply risk-based judgment to raise incidents in line with impact, severity, and SLAs, ensuring focus and response from the right collaborators at the right time.

IOC and Threat Pattern Analysis: Analyze indicators of compromise and charge patterns to identify root behaviors, drive detection improvements, and close gaps.

Root Cause and Timeline Reconstruction: Conduct RCA, build accurate timelines, and foster insights back into controls, architecture, and training to prevent recurrence.

Cross-Tool Correlation: Link events from SIEM, EDR, network, and identity platforms to build a unified view of the charge chain and reduce noise.

SOAR Response Execution: Implement response actions through SOAR playbooks to deliver consistent, rapid, and auditable remediation.

Playbook Optimization: Assist in tuning playbooks and automation to improve fidelity, reduce false positives, and increase analyst efficiency.

Incident Documentation: Document incidents with clear evidence, actions, and decisions, creating a reusable institutional memory and enabling executive-level communication.

Runbook and SOP Maintenance: Keep runbooks, SOPs, and incident response documentation up to date so the team operates predictably and scales effectively.

Essential Skills/Experience:

• Investigate security incidents using logs, endpoint telemetry, and network traffic

• Contain incidents (account isolation, endpoint quarantine, IP blocking, etc.)

• Raise incidents based on severity, impact, and SLAs

• Analyze indicators of compromise (IOCs) and charge patterns

• Perform root cause analysis (RCA) and timeline reconstruction

• Correlate events across multiple tools and data sources

• Implement response actions using SOAR playbooks

• Assist in playbook tuning and automation improvement

• Document incidents clearly with evidence and actions taken

• Maintain runbooks, SOPs, and incident response documentation

• Hands-on experience with enterprise SIEM and EDR platforms (e.g., Splunk, Microsoft Sentinel, CrowdStrike, Defender for Endpoint)

• Proficiency with SOAR platforms and workflow design (e.g., Cortex XSOAR, Splunk SOAR), plus scripting in Python or PowerShell

• Solid understanding of cloud security (Azure, AWS, GCP), identity security, and modern network security architectures

• Familiarity with MITRE ATT&CK, NIST CSF, ISO 27035, and threat hunting techniques

• Exposure to digital forensics, malware triage, and memory/network analysis

• Experience defining SOC metrics, SLAs, and KPIs to measure and improve performance

• Good communication skills for executive briefings and multi-functional coordination during fast paced events

• Leadership experience in a 24x7 SOC environment, including mentoring analysts and coordinating major incidents

• Relevant certifications such as CISSP, GIAC (GCIH, GCIA, GMON), or equivalent experience

• Experience operating in highly supervised environments and aligning response with compliance expectations

When we put unexpected teams in the same room, we unleash aggressive thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Why AstraZeneca:

At AstraZeneca, our work has a direct impact on patients by transforming our ability to develop life-changing medicines. We empower the business to perform at its peak by combining modern science with leading digital technology platforms. With a passion for impacting lives through data, analytics, AI, machine learning, and more, we are committed to driving cross-company change to disrupt the entire industry. Join us at a crucial stage of our journey in becoming a digital and data-led enterprise

Here, the work of cybersecurity directly protects the science and systems that bring new medicines to patients. You will partner with diverse specialists who bring unexpected perspectives together to spark bold ideas, backed by investment in leading data, automation, and AI. We encourage experimentation and ownership, value kindness alongside ambition, and give you the platform to design resilient defenses that scale across a global enterprise. Your expertise will help unlock innovation at pace while keeping our mission safe.

Call to Action:

Lead the defense that powers breakthroughs—step into this role to shape resilient operations and safeguard the science that saves lives.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.