Перейти к основному меню
Поиск

Cyber Security Architect

Местоположение Royston, Англия, Великобритания Macclesfield, Англия, Великобритания Идентификатор вакансии R-124462 Дата публикации 11/25/2021

ETS – Cyber Security Strategist – Melbourn Science Park or Macclesfield

ABOUT THE ENTERPRISE TECHNOLOGY SERVICES TEAM

The Enterprise Technology Services (ETS) team is accountable for all Infrastructure, Security, IT Operations and all End User Services and technologies. This group will ensure that our IT Services are seamless and secure, and that technology is delivered in an efficient, effective, and agile way, with a strong focus on experience.

It’s a dynamic and challenging environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever. This is your chance to be part of a team that has the backing to innovate, disrupt an industry and change lives.

THIS IS WHAT YOU’LL DO

AstraZeneca are a global, science-led biopharmaceutical business whose innovative medicines are used by millions of patients worldwide. We are increasing our focus on growth through innovation - being more patient-centric, doing more with technology, digital and data, and advancing more cutting-edge science. Our key principals include:

  • Accelerate innovative science – Advancing high-potential late-stage pipeline projects, pursuing the next wave of disruptive biology and accelerating efforts in ML & AI, Data Science and Digital Technology
  • Deliver growth and therapy area leadership – Driving growth, impacting and improving the whole patient journey and collaborating with the funders of healthcare and third parties.

The focus on Digital, AI & ML, Data & Data Science along with joint ventures and collaboration with third parties are creating new opportunities within the IT security team. Cyber security will need to be the cornerstone of our IT strategy as we move towards our future objectives.  

We’re looking for IT security professionals that can help us on the journey through this challenging and ever-changing technology landscape. Individuals who:

  • Understand that security is a journey and not a destination. Cyber security is not something that can be “fixed”, and we instead need to focus on innovation to maintain sustainable risk position against the evolving threat landscape.
  • Understand that we can’t just buy our way out of a cyber security problem. Technology may win the battle, but it won’t win the war.
  • Understand that cyber security is not just dealing with over-enthusiastic teenagers. We are potentially working against state-sponsored attacks and multi-billion dollar organized crime syndicates.
  • Understand attackers, their motivations and their ways of working to be able to get ahead and keep ahead of them.

Accountabilities:

In this role of Cyber Security Strategist, you’ll operate within AstraZeneca’s Cyber Security division to design quality solutions and work with vendors on COTS applications to strengthen our security stance across the enterprise. You’ll need to collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.

The core accountabilities for the role include:

  • Defining strategic actions for cyber security solutions for the organisation spanning Cloud, Hybrid and on-premise as well as third-party collaboration environments.
  • Define principles, policies, standards and governance covering Cloud, DevOps, Corporate network connectivity, tooling, ways of working, application security standards, static and dynamic code review, penetration testing (both automated and manual / exploratory), monitoring (including Security Information and Event Management [SIEM]), mapping governance and compliance frameworks and controls to technical implementation, shifting hardening processes as far left as possible, network traffic inspection (including IDS / IPS)
  • Help define the future state of cyber security within the organisation, conduct review and gap analysis between current state and future state including existing measures and controls, and then work to uplift to align to the future state vision.
  • Define security strategies, self-service standards and ways of working for users working across the cloud
  • Work with existing security teams to implement and enforce strategies and policies across the enterprise
  • Define and create a portfolio of secure design principles to support bespoke architectures that doesn’t fit existing patterns.
  • Collaborate with other architecture functions resulting in effective security. Supporting other functions towards a shared goal of delivering secure cloud solutions.
  • Ensure lastest trends and technology are considered as part of solutioning.  For example, consider the security implications of IoT being integrated into our existing landscape.
  • Define Cloud Security patterns and design principles
  • Work with Solution Architects, Solution Engineering and Support functions to ensure that cloud solutions are secure and align with AZ Security policies and guidelines.
  • You will also perform security reviews of cloud solutions, looking at compliance , but also how solutions can be improved for security in the way they are designed, used, built and maintained.
  • Advise technical leaders on cloud security when making strategic decisions
  • Designing or reviewing whether security controls for a computer system are suitable; this is based on an understanding of both use and context, and how the system will likely be attacked
  • Provide technical support and expertise to cloud users, and conduct architectural reviews throughout project and solutions design lifecycle

Knowledge, experience, and understanding of

Essential:

  • Must have an understanding of the OWASP methodology, process and artefacts
  • Must have experience of Solution Architect for at least 5 years covering entererprise and consultancy
  • Able to influence and position strategies at multiple levels to both IT and business functions
  • Have an excellent understanding and proven capability in Cloud, Hybrid and On-Premise architecture
  • Able to work across multiple teams spanning many geographic regions
  • Security, compliance and regulatory experience in a public cloud environment
  • Ability to carry out evaluations, gap analysis and vendor assessments for security technologies and applications
  • Excellent written and oral communication skills
  • Experience planning, researching and developing security policies, standards and procedures
  • Familiarity with common attack techniques and their remediation/defence including DoS, DDoS, Social engineering, Virus, Malware, Vulnerability exploitation, Phishing & Spear Phishing, Worms, Trojans, Rootkits, Ransomware, XSS, SQL Injection, Remote Command Execution, Session Hijacking, etc.
  • Solid understanding of security protocols, cryptography, authentication, authorisation and network security implementations

Desirable:

  • Experience designing secure networks, systems and application architectures
  • Knowledge of disaster recovery, computer forensic tools, technologies and methods
  • Knowledge of risk assessment tools, technologies and methods
  • Ability to conduct post mortem on security incidents and/or take post mortem data to drive uplift in policies, procedures, standards
  • Experience in a system administration role supporting multiple platforms and applications
  • Security, Cloud and/or DevOps certifications
  • Experience working work closely with compliance and audit functions

Candidate Knowledge, Skills & Experience

Essential:

  • Ability to design, build, test and implement cyber security solutions 
  • Ability to define principles, policies, standards and governance
  • Ability to map governance and compliance frameworks and controls to technical implementation
  • Strong Cloud architecture and multiple domain experience
  • Familiarity working in and across large geo-disperesed teams
  • The ability to idetinfy and document security processes, techniques and governance into solutions
  • Ability to prioritise and validate the threats that really matter
  • Shifting security processes as far left as possible.  Build standards that are a part of the solution – not an after thought.
  • Security roadmap and strategy development

Desirable:

  • Development of application security standards,
  • Ability to implement and conduct static and dynamic code review process
  • Ability to implement and conduct penetration testing processes (both automated and manual / exploratory)
  • Security incident and event monitoring implementation (SIEM)
  • Understanding of authentication technologies and approaches.

WHY JOIN US

We’re a network of entrepreneurial self-starters who contribute to something far bigger. There’s a diversity of expertise in our Technology group that’s unique to AstraZeneca – it allows us to dive deep into

exploring new leading-edge technology.

A place to be open and transparent – we speak up, think creatively and share ideas. Our diverse contributions help us to make better decisions. But we have a constant drive to innovate, and an appreciation for high standards. It takes challenging the status quo to add value in our ever-evolving environment. We love it here because put simply, we make a meaningful impact. Technology at AstraZeneca is a home for purposeful disruptors!

ABOUT ASTRAZENECA

AstraZeneca is a global, innovation-driven BioPharmaceutical business that focuses on the discovery, development and commercialisation of prescription medicines for some of the world’s most serious disease. But we’re more than one of the world’s leading pharmaceutical companies.

At AstraZeneca we’re dedicated to being a Great Place to Work. Where you are empowered to push the boundaries of science and unleash your entrepreneurial spirit. There’s no better place to make a difference to medicine, patients and society. An inclusive culture that champions diversity and collaboration. Always committed to lifelong learning, growth and development.

SO, WHAT NEXT?

If you’re interested in applying, we encourage you to apply using your completed Workday profile where possible.

Open Date: 25/11/2021
Close Date: 16 / 12 / 2021



AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.

Glassdoor logo Rated four stars on Glassdoor

Отличная корпоративная культура, отличные рабочие условия, поддерживающий менеджмент. Возможность ротации внутри компании. Они ценят инклюзивность и разнообразие.