Senior Engineer - CyberSecurity

Job Title: Senior Engineer - CyberSecurity

GCL: D3

Introduction to role:

Are you ready to turn sophisticated detection engineering and threat hunting into real protection for groundbreaking innovations in science and the patients it serves?rves? Do you want your decisions in the heat of an incident to safeguard labs, manufacturing lines, and global teams working at speed to deliver life-changing medicines?

You will join a fast paced technology community that is scaling modern systems and information to transform how we discover, develop, and deliver. Your mission is simple and high stakes: keep critical research and operations resilient by finding and stopping threats earlier, responding decisively, and continuously raising our defensive bar.

Accountabilities:

Threat Detection Engineering: Build, tune, and ethically validate high-fidelity detections in platforms such as Splunk, Microsoft Sentinel, and EDR. This lowers false positives while growing true positive coverage on priority attack pathways.

Lead targeted threat hunts aligned with MITRE ATT&CK. Use TTP-centric methods to detect credential abuse, lateral movement, and stealthy persistence in Windows, DNS, and web telemetry.

Incident Response Leadership: Orchestrate end-to-end incident response using the NIST framework, from triage and containment to eradication and recovery, reducing mean time to detect and respond across global environments.

Root Cause Analysis and Forensics: Conduct investigations and timeline reconstructions that are detailed to understand initial access, propagation, and impact; translate findings into durable control improvements and updated playbooks.

Purple Teaming and Control Assurance: Design and run adversary simulations to validate detections and hardening without redefining critical operations, closing identified gaps with measurable outcomes.

Platform Ownership and Automation: Partner with engineering to evolve SIEM/EDR/SOAR pipelines, enrichments, and playbooks; drive stability, resiliency, and automation that scale signal-to-noise improvements.

Cross-Tool Investigation: Leverage a broad toolset such as Tanium, Qualys, Mimecast, Zscaler, and various threat intelligence sources to assemble evidence quickly and make confident containment decisions.

Collaborator Communication: Provide clear, calm crisis communications to technical and non-technical audiences; brief leaders on risk, business impact, and recommended actions during fast paced events.

Metrics and Continuous Improvement: Track detection coverage, false positive rates, response SLAs, and post-incident actions; use data to prioritize the next most substantial improvements.

Impact on the Mission: In your first 90 days, baseline detection coverage for priority TTPs and retire high-noise rules; over time, shape our threat-led strategy that strengthens the protection of sensitive research and ensures continuity for teams delivering for patients.

Essential Skills/Experience:

• Hands-on expertise with Splunk and Microsoft Defender
• Develop and tune detection rules to reduce false positives (stability) and ensure tool outputs are ethically validated (integrity).
• Clear knowledge and work experience in NIST incident response Framework
• Perform detailed cause investigation and timeline reconstruction of Cyber incidents
• Conduct investigative hunts using MITRE ATT&CK (e.g., supervising TTPs like credential dumping or lateral movement).
• Anomaly-based analysis of logs (Windows Event IDs, DNS/HTTP flows) to uncover stealthy threats.
• Purple Teaming: Simulate adversary behaviors to test detection efficacy and refine controls without redefining operations.
• Incident Response & Threat Hunting: Shown, hands-on experience leading Cyber Incident Response workflows and conducting proactive hunts.
• Technical Stack: Proficiency with SIEM/SOAR (e.g., Splunk, Microsoft Sentinel) and EDR (e.g., Microsoft Defender, CrowdStrike).
• Investigation with multiple security toolings: Ability to demonstrate multiple tools across the incident lifecycle (e.g., Tanium, Qualys, Mimecast, Zscaler, Google Threat Intelligence, etc).
• Core Traits: Steadfast integrity, stability-focused approach, and clear crisis interpersonal skills.

Desirable Skills/Experience:

• Leadership: Experience mentoring junior analysts or acting as a shift lead (without requiring formal people management).
• Vulnerability Management: Familiarity with Qualys or similar VM platforms to support impact assessment and prioritization.
• Threat Intelligence: Experience operationalizing CTI (e.g., Google Threat Intelligence) to advise hunt hypotheses and IR decision-making.
• Network/Cloud Security: Hands-on security experience in AWS, Azure, and/or GCP.
• Additional Plus: Exposure to SOAR playbook development, malware triage, or purple-team exercises.

Why AstraZeneca:

Here, security enables science at scale. You will work where brand new platforms and data meet a bold transformation agenda, with investment to move quickly and the autonomy to experiment. Expect unexpected teams in the same room unleashing aggressive thinking—engineers, scientists, and analysts solving problems that matter, from protecting clinical data to keeping manufacturing running. We value patience alongside ambition, pair high standards with real support, and encourage curiosity through hands-on learning and events that fuel new ideas. Your craft will directly help colleagues push the boundaries of medicine while you sharpen skills on modern stacks and shape practices that influence the entire enterprise.

Call to Action:

If you’re ready to lead decisive defense that protects breakthrough science and elevate your craft on modern platforms, step forward and help us raise the bar now!

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.