
Cybersecurity Trust by Design Senior Engineer

Location: Gaithersburg, Maryland, United States
Job ID: R-218945
Date posted: 04/02/2025

Leverage technology to impact patients and ultimately save lives!

Do you have expertise in, and passion for, cyber security? Would you like to apply your expertise to impact product security in a company that follows the science and turns ideas into life-changing medicines? If so, AstraZeneca might be the one for you!

Accountabilities:

At AstraZeneca, we are dedicated to building secure, resilient, and credible products for our customers. Our cybersecurity team is a crucial part of this mission, ensuring our systems and solutions are designed with security at their core. We are seeking a Trust by Design Cybersecurity Senior Engineer to join our team and drive the integration of trust and security into every stage of our product development lifecycle.

As a Trust by Design Cybersecurity Senior Engineer, you will apply your expertise in system development, software security, and enterprise architecture to build and maintain security frameworks that enhance the trustworthiness of our products and services. You will collaborate with multi-functional teams to embed security throughout the development lifecycle and ensure that the best standard methodologies, security architecture, and threat modeling are applied consistently.

What you'll do:


- System Development Lifecycle (SDLC) Integration: Work with product development teams to integrate security into each phase of the SDLC, ensuring security is a primary consideration from design to deployment.


- Threat Modeling & Risk Analysis: Identify and assess potential security risks and vulnerabilities within the system architecture, product design, and enterprise systems. Lead threat modeling exercises to proactively detect risks early in the development lifecycle.


- Security Architecture & Design Patterns: Develop and enforce security-focused architecture and design patterns to improve system resilience and security across products and services. Build reusable, scalable security controls that are adaptable to various development teams.


- Attack Patterns & TTPs: Use a deep understanding of attack patterns, techniques, tactics, and procedures (TTPs) to identify security gaps and build compensating and mitigating controls that bolster trust and resilience across enterprise systems and applications.


- OWASP Recommended Patterns: Hands-on experience in implementing OWASP’s recommended secure coding patterns, ensuring that security standard methodologies are embedded into the software development process and aligned with industry standards.


- Security Automation & Resilience: Collaborate with engineering teams to implement automated security testing and monitoring solutions that promote early detection of threats and improve system resilience.


- Multi-functional Collaboration: Work closely with engineering, DevOps, and other collaborators to promote security standard processes and drive a security-first culture across the organization. Provide mentorship and support to other teams on secure coding practices, vulnerability management, and compliance requirements.


- Incident Response & Remediation: Assist in security incident investigations and contribute to developing remediation strategies that prevent similar incidents in the future.


- Continuous Improvement: Stay up-to-date with industry trends and emerging security technologies. Share knowledge and contribute to continuous improvements in security processes, tools, and frameworks.

Essential Skills/Experience


- Bachelor's Degree
- Minimum 6+ years of relevant experience
- Proven experience in the system development lifecycle (SDLC), software/product development, or software security.
- Deep understanding of security principles, threat modeling, and risk management.
- Expertise in security frameworks, security tooling, and secure coding practices.
- Strong experience in building and maintaining security architectures and reusable security design patterns.
- Hands-on experience with tools and technologies for vulnerability scanning, penetration testing, and security automation.
- Excellent problem-solving skills and the ability to think critically about security threats and mitigation strategies.
- Strong communication skills, with the ability to successfully communicate with technical and non-technical collaborators.

Desirable Skills/Experience


- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience).
- Deep understanding of attack patterns, techniques, tactics, and procedures (TTPs) and experience developing compensating and mitigating controls to enhance trust and resilience in products and enterprise systems.
- Extensive hands-on experience with OWASP recommended security patterns and standard processes.
- Experience with cloud environments (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).
- Certifications such as CISSP, CISM, CEH, or similar.
- Familiarity with regulatory frameworks (GDPR, HIPAA, PCI DSS) and industry standard processes.
- Experience working in agile or DevOps environments.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

The annual base pay (or hourly rate of compensation) for this position ranges from $126,906 to $190,360. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered include a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

AstraZeneca is a place where technology meets science to create life-changing medicines. We empower our teams to innovate using innovative technology platforms combined with data analytics, AI, machine learning, and more. Our collaborative environment fosters growth through hackathons, continuous learning opportunities, and cross-functional teamwork. With significant investment backing us, we are driving industry-wide change at an unprecedented scale.

Ready to make a difference? Apply now!

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

50200043 E ITCS Operations
