Cybersecurity Senior Engineer

About AstraZeneca

At AstraZeneca, we are a global, science-led, patient-focused biopharmaceutical company dedicated to discovering, developing, and commercializing prescription medicines for some of the world's most serious diseases. But we are more than one of the world's leading pharmaceutical companies—we are a place where innovation thrives and bold thinking is embraced to drive transformative medicines.

About Our Team

Our environment is dynamic and encourages collaboration among diverse teams. We believe that when unexpected teams come together, we unleash bold thinking with the power to inspire life-changing medicines. You'll have countless opportunities to learn and grow, whether it's exploring new technologies or redefining the way we work. Shape your own path, with support every step of the way.

About the Role

We are dedicated to building secure, resilient, and trustworthy products for our customers. Our cybersecurity team is crucial to this mission, ensuring our systems and solutions are designed with security at their core. We are seeking aTrust by Design Cybersecurity Senior Engineerto join our team and drive the integration of trust and security into every stage of our product development lifecycle.

As a Trust by Design Cybersecurity Senior Engineer, you will apply your expertise in system development, software security, and enterprise architecture to build and maintain security frameworks that enhance the trustworthiness of our products and services. Work with teams from various functions to integrate security into every stage of the development process, ensuring consistent implementation of standard security architecture and threat modeling.

Key Responsibilities

• System Development Lifecycle (SDLC) Integration: Integrate security into each phase of the SDLC, ensuring it's a primary consideration from design to deployment.
• Threat Modeling & Risk Analysis: Identify and assess potential security risks and vulnerabilities within system architecture and product design. Lead threat modeling exercises to proactively detect risks early in the development lifecycle.
• Security Architecture & Design Patterns: Develop and enforce security-focused architecture and design patterns to improve system resilience across products and services. Build reusable, scalable security controls adaptable to various development teams.
• Attack Patterns & Tactics, Techniques, and Procedures (TTPs): Apply a deep understanding of attack patterns to identify security gaps and build controls that bolster trust and resilience across enterprise systems.
• OWASP Recommended Patterns: Integrate OWASP’s advised secure coding patterns, embedding security standard methodologies into the software development process aligned with industry standards.
• Security Automation & Resilience: Collaborate with engineering teams to implement automated security testing and monitoring solutions that promote early detection of threats and enhance system resilience.
• Collaboration: Collaborate with engineering, DevOps, and other teams to encourage and implement standard methodologies for security, promoting a culture of prioritizing security. Provide guidance on secure coding practices, vulnerability management, and compliance requirements.
• Incident Response & Remediation: Assist in security incident investigations and contribute to developing remediation strategies to prevent future incidents.
• Continuous Improvement: Stay up-to-date with industry trends and emerging security technologies. Share knowledge and contribute to continuous improvements in security processes, tools, and frameworks.

Essential Qualifications

• Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience).
• Proven experience in the system development lifecycle (SDLC), software/product development, or software security.
• Deep understanding of security principles, threat modeling, and risk management.
• Expertise in security frameworks, security tooling, and secure coding practices.
• Strong experience in building and maintaining security architectures and reusable security design patterns.
• Hands-on experience with tools and technologies for vulnerability scanning, penetration testing, and security automation.
• Excellent problem-solving skills with the ability to think critically about security threats and mitigation strategies.
• Strong communication skills, effectively engaging with both technical and non-technical collaborators.

Desirable Qualifications

• Deep understanding of attack patterns, TTPs, and experience developing compensating and mitigating controls to enhance trust and resilience.
• Extensive hands-on experience with OWASP recommended security patterns and standard methodologies.
• Experience with cloud environments (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).
• Certifications such as CISSP, CISM, CEH, or similar.
• Familiarity with regulatory frameworks (GDPR, HIPAA, PCI DSS) and industry standard methodologies.
• Experience working in Agile or DevOps environments.

Why Join Us?

At AstraZeneca, you'll be part of a team committed to making products that customers trust. You'll have the opportunity to work on innovative and impactful security challenges and play a key role in shaping the security culture of our organization. We offer competitive compensation, benefits, and a collaborative work environment where your expertise will make a direct impact.

When we bring unexpected teams together, we unleash bold thinking that can inspire life-changing medicines.In-person working provides the platform we need to connect, work at pace, and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office.However, we also value flexibility and balance the expectation of being in the office with individual needs. Join us in our unique and ambitious world.

Ready to Make an Impact?

Apply now and join us in pushing the boundaries of science to deliver life-changing medicines.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.