Cyber Security Engineer
Cyber Security Engineer
AstraZeneca are a global, science-led biopharmaceutical business whose innovative medicines are used by hundreds of millions of patients worldwide. Our IT 2025 strategy is focused on Smarter, Faster, Leaner and Better and we’re looking for a Cyber Security Engineer to play an active part in helping make this strategy a reality.
AstraZeneca’s IT capability is world-class. As an IT capability, we:
Believe in Lifelong Learning
Endeavour to be a great place to work
Actively encourage a “Speak Up” culture
Lead the way in Sustainable IT & Social Impact
Are actively working towards becoming a digital organization
The focus on Digital, AI & ML, Data & Data Science along with joint ventures and collaboration with third parties are creating new opportunities within the Cyber Security team. Cyber Security will need to be the cornerstone of our IT strategy as we move towards our future objectives.
We’re looking for IT security professionals that can help us on the journey through this challenging and ever-changing technology landscape. Individuals who:
Understand that security is a journey and not a destination. Cyber Security is not something that can be “fixed”, and we instead need to focus on innovation to maintain sustainable risk position against the evolving threat landscape.
Understand that we can’t just buy our way out of a Cyber Security problem. Technology may win the battle, but it won’t win the war.
Understand that Cyber Security is not just dealing with over-enthusiastic teenagers. We are potentially working against state-sponsored attacks and multi-billion dollar organized crime syndicates.
Understand attackers, their motivations and their ways of working to be able to get ahead and keep ahead of them.
In the role of Cyber Security Engineer, you’ll operate within AstraZeneca’s Enterprise Technology Services (ETS) division to deliver quality services and solutions that meet both business and IT needs. You’ll need to collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.
The core accountabilities for the role include:
Engineer, build, configure, test and implement Cyber Security solutions for the organisation spanning Cloud, on-premise and third-party collaboration environments with the predominant focus on Cloud and DevOps enablement.
Define and contribute to strategy, principles, policies, standards and governance covering Cloud, DevOps, Corporate network connectivity, tooling, ways of working, application security standards, static and dynamic code review, penetration testing (both automated and manual / exploratory), monitoring (including Security Information and Event Management [SIEM]), mapping governance and compliance frameworks and controls to technical implementation, shifting hardening processes as far left as possible, network traffic inspection (including IDS / IPS)
Help define the future state of Cyber Security within the organisation, conduct review and gap analysis between current state and future state including existing measures and controls, and then work to uplift to align to the future state vision.
Anticipate threats, identify weaknesses, and respond promptly and effectively to possible breaches or areas of concern with a focus on Cloud and DevOps.
Continuous testing, continuous validation, continuous monitoring suitable and applicable to more modern and flexible ways of working
Anticipate the moves, tactics and motivations that hackers will use to try and gain unauthorized access to AstraZeneca’s technology assets. Keeping on top of latest techniques but also maintaining a view of historical approaches as many of these are cyclical and get reused.
Education, Qualifications, and Experience
Must have large enterprise IT experience, ideally with significant Cloud and DevOps exposure
Able to influence at engineering, architecture, strategic and leadership levels
Have or are working towards a recognised Cyber Security certification (e.g. GIAC Certs, CCSP, AWS/Azure/GCP Certs, etc.)
Membership of a professional body (e.g. BCS, IET, ISC2)
Experience and familiarity with a range of automated build and deployment tools
Experience planning, researching and developing security policies, standards and procedures
Development and Systems Administration experience – ideally with process automation and/or configuration management
Good understanding of Agile methodologies
Excellent written and oral communication skills
Experience with SIEM, anti-virus software, intrusion detection, firewalls and content filtering
Security administration and auditing across internal and external network and systems including IDS deployment and monitoring and system vulnerability auditing.
Familiarity with Security technologies including Intrusion Detection and Prevention, Vulnerability scanning, firewalling/packet inspection, system integrity monitoring, etc
Familiarity with common attack techniques and their remediation/defence including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
Solid understanding of security protocols, cryptography, authentication, authorisation and network security implementations
Implement and configure tools to improve our reactive and proactive security posture
Collaborate with other teams to develop automation strategies
Documenting requirements and capabilities to ensure maximum return on investment through existing technology choices is achieved
Must have knowledge and applied experience of various cybersecurity frameworks, to include at a minimum; MITRE ATT&CK, Cyber Kill Chain, NIST CSF, NIST SP.800-53, and NIST SP.800-61.
High school diploma
Experience designing secure networks, systems and application architectures
Security, compliance and regulatory experience in a public cloud environment
Knowledge of disaster recovery, computer forensic tools, technologies and methods
Knowledge of risk assessment tools, technologies and methods
Ability to conduct post mortem on security incidents and/or take post mortem data to drive uplift in policies, procedures, standards
Experience in a system administration role supporting multiple platforms and applications
Cloud and/or DevOps certifications
Experience working closely with compliance and audit functions
Experience in supporting and working to deliver a Business Continuity Plan
Must have an understanding of OWASP, documentation and artefacts.
Skills & Capabilities
Ability to build, configure, test and implement Cyber Security solutions
Ability to define principles, policies, standards and governance
Ability to map governance and compliance frameworks and controls to technical implementation
Strong Cloud architecture and engineering capabilities
Familiarity working in and with DevOps teams
The ability to embed process, governance and security into workflow and technology
Ability to prioritise and validate the threats that really matter
Logging strategy and implementation, Log analysis, Post mortem, Forensics
Shifting hardening processes as far left as possible
Security roadmap and strategy development
Manage and lead projects delivering prioritised intiaitives to challenging timescales
Strong technical skills with EndPoint protection, SIEM, Cloud Security Posture Management, SOAR, and Automation (i.e. Python, Terraform, CloudFormation, Ansible, etc)
So, what’s next?
Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you!
Where can I find out more?
Our Social Media, Follow AstraZeneca on LinkedIn https://www.linkedin.com/company/1603/
Follow AstraZeneca on Facebook https://www.facebook.com/astrazenecacareers/
Follow AstraZeneca on Instagram https://www.instagram.com/astrazeneca_careers/?hl=enr
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.