AstraZeneca is a global, science-led biopharmaceutical business whose innovative medicines are used by hundreds of millions of patients worldwide. Our IT 2025 strategy is focused on Smarter, Faster, Leaner and Better and we are looking for a Cybersecurity Engineer to play an active part in helping make this strategy a reality.

At AstraZeneca we:

· Believe in lifelong learning.

· Endeavor to be a great place to work.

· Encourage a “speak up” culture.

· Lead the way in sustainable IT & social impact.

· Actively work towards becoming a digital organization.

Cybersecurity is key to our IT strategy as we move towards our future objectives. We are looking for IT security professionals that can help us on the journey through this challenging and ever-changing technology landscape.

We are looking for Individuals who:

· Understand that security is a journey and not a destination.

· Understand that we cannot just buy our way in cybersecurity.

· Focus on innovation to maintain a sustainable risk position against the evolving threat landscape.

· Understand that we could be working against organized crime syndicates or state-sponsored attackers.

· Understand attackers’ motivations and their ways of working.

· Understand the criticality of data security in a customer-focused global enterprise.

Accountabilities

In this role you will operate within AstraZeneca’s global cybersecurity organization to deliver quality services and solutions that meet both business and IT needs. You will need to collaborate and influence multiple functions across a global organisation spanning Mexico, US, UK, Sweden, China, India and beyond.

The core accountabilities for the role include:

· Engineer cybersecurity solutions spanning cloud, on-premises, and third-party collaboration environments, with a predominant focus on cloud and data.

· Collaborate with other teams in performing, assessing, and evolving IT processes that intersect any of our cybersecurity priorities.

· Map governance and compliance frameworks and their controls to technical implementation, shifting hardening processes as far left as possible.

· Leverage understanding of threats, weaknesses, and vulnerabilities around cloud and data to assist other areas in responding promptly and effectively to contain breaches or to address areas of concern.

· Contribute to defining the future state of cybersecurity within the organisation by conducting gap analysis between our current state and the desired state for tools and services around cloud and data.

· Actively collaborate with multiple teams in AstraZeneca to implement and maintain periodic access audits to assess how systems and human identities interact with data.

· Review existing data security protocols and plan for required improvements.

· Leverage data access analytics to design processes and software to provide increased data security.

· Define the roadmap of our data security technologies.

· Champion a culture of least-privilege access to data.

Qualifications and Experience

· Must have large enterprise IT experience, ideally with significant cloud and data exposure.

· Must have experience designing, deploying, and operating secure networks, systems, application, and security architectures at scale.

· Should have experience working in a software development and systems administration organization – ideally implementing DevSecOps and process automation.

· Must have experience researching, designing, and implementing data security policies, standards, and procedures, including those in GDPR, CCPA and other privacy regulations, as well as implementing data security reference architectures.

· Familiarity with common attack techniques and their remediation or defence including social engineering, phishing, worms, trojans, rootkits, ransomware, XSS, SQL injection, remote command execution, session hijacking, DDoS, etc.

· Must have solid experience configuring and managing cloud security services in an AWS organization, including service control, backup and tagging policies, firewalling, threat detection and data classification.

· Must have strong experience identifying, deploying, and managing cloud security services complementary to cloud provider native services, in a multi-cloud environment spanning AWS, GCP and Azure.

· Solid understanding of identity management and access control protocols.

· Knowledge of business continuity, risk assessment, disaster recovery, and computer forensics.

· Ability to conduct post-mortem on security incidents and take post-mortem data to drive uplift in policies, procedures, standards.

· Experience with SIEM, CSPM, DSPM, IDS, XDR, SOAR technologies.

· Experience managing OLAP and OLTP data stores.

· Solid understanding of applied cryptography as applicable to varied data sets.

· Experience implementing data masking, anonymization, and tokenization.

· Experience working with technologies that power data analytics such as Hive, Spark, Kafka or similar.

Skills & Capabilities

· Manage and lead projects delivering prioritised initiatives at challenging deadlines.

· Ability to positively exert influence in a matrixed organization to drive technology evolution.

· Ability to embed process, governance and security into workflow and technology.

· Design and implement software tools and services using modern programming languages .

· Strong drive to push for process and technology improvement at scale.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.