Job Title: Senior Engineer - Cyber security Penetration Testing

Career Level - D1

Introduction to role:
Are you ready to take on a challenge that will disrupt an industry and change lives? We’re seeking IT security professionals who understand that security is a journey, not a destination. We need innovative thinkers who can stay ahead of the evolving threat landscape, recognizing that we can't simply buy our way out of a Cyber Security problem. If you're ready to take on state-sponsored attacks and multi-billion dollar organized crime syndicates, this role is for you!

Accountabilities:
As a Penetration Tester, you’ll operate within AstraZeneca’s Cyber Security division, ensuring all Application & Systems owned by AstraZeneca are secure. You’ll collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation. You will be responsible for performing Penetration Testing of AstraZeneca’s Applications and Systems, both on-premise and in the cloud. You'll also provide metrics and progress on the remediation of vulnerabilities identified through the programme and communicate closely with the application / system owner to define steps and timelines for remediation.

Essential Skills/Experience:
- Must have a thorough understanding of OWASP, SANS 25, common application security vulnerabilities and security flaws due to business logic flaws.
- Ability to conduct manual penetration testing against web, Mobile & API.
- Proficient with application security tools like Burp Suite, Kali Linux, NMAP etc.
- Good understanding of application architectures like Multi-tier, Micro services, and MVC architecture.
- Development experience – ideally with process automation and/or configuration management.
- Excellent written and oral communication skills.
- Experience firewalls, content filtering, vulnerability management tools and platforms (Qualys, Tanium, etc.)
- Solid understanding of security protocols, cryptography, SSO authentication, and network security implementations
- 2 – 5 Years of experience in the field of information security with sound knowledge on application security.

Desirable Skills/Experience:
- Experience designing secure networks, systems, and application architectures.
- Knowledge of disaster recovery
- Knowledge of multiple programming languages
- Ability to conduct post-mortem on security incidents and/or take post-mortem data to drive uplift in policies, procedures, standards.
- Cloud and/or DevOps certifications
- Good understanding of agile and DevOps methodologies.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. But that doesn't mean we’re not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Why AstraZeneca?
At AstraZeneca, our work has a direct impact on patients. We're transforming our ability to develop life-changing medicines by combining cutting-edge science with leading digital technology platforms and data. We're investing in a bold digital strategy to become a truly data-led enterprise that disrupts the entire industry. Here you'll join hackathons, work with large data and challenge yourself to push new boundaries. It's a dynamic and challenging environment to work in, but that's why we like it. There are countless opportunities to learn and grow. Shape your own path, with support all the way. Diverse minds that work cross-functionally and inclusively together.

Ready to take the leap? Apply now and be part of a team that has the backing to innovate, disrupt an industry and change lives.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.