Job Title: Senior Specialist
Location TRIL GTC
Job Description / Capsule
The IT Security Organization is responsible for establishing and maintaining corporate wide information Security to ensure that AstraZeneca’s information assets are adequately protected in relation to confidentiality, integrity and availability
The Security of information and systems presents one of the biggest risks and opportunities for all large organizations today. Internal and external charges are becoming more complex whilst the balance of enabling business objectives in an efficient manner must be met
The role will work in a team to undertake IT Security Engineering activities across the global estate.
Communicate clearly and efficiently with AstraZeneca’s global customers and suppliers
- Be part of various Red team activity within the company
- To coordinate and execute penetration test, mainly on internal applications/systems
- To coordinate and execute penetration test, with 3rd party on internal/external applications/systems
- Review current implemented Security controls; to assure that they are living up to expectation from a Security and business point of view within IT services to match the agreed needs, requirements and timescales of the business
- Validate baseline security configurations for operating systems, applications and network.
- Considerable knowledge of security, forensics and analysis
- Be responsible for coordinating /conducting and collecting/investigate for Compliance, Legal, HR or Security investigations
- Deliver a consistent set of Security advice that is aligned with the internal Security standards and aligned with the business risk appetite
- Identify and report IT risks (internal/external) and identifying mitigating activities and handle the risk profile
- Develop strong knowledge and expertise in the Security area
Education, Qualifications and Experience:
- Bachelor’s degree or recognized equivalent or achievement of recognized professional level
- Passion to learn latest trends
- Master’s degree
- CEH, CISSP
Skills and Capabilities
- Experience in running penetration testing of applications/systems, including reporting and presentation of findings.
- The position requires a high level of technical knowledge and experience in network architecture, design, configuration, and implementation.
- Candidate should have a deep understanding of various security technologies and controls
- Utilizing creative problem-solving abilities and a consistent consultancy mindset while working on, as well researching problems and/or issues and developing and/or offering effective solutions for, clients' initiatives and needs related to
- Experienced with IP networking and demonstrable ability to perform IT forensics.
- Working experience delivering forensic technology, eDiscovery services, and establishing relationships with clients.
- Solid skills in Linux and Windows
- Demonstrated hands-on experience analyzing logs, network data, and other charge artifacts in support of incident investigations.
- Experience with malware analysis concepts and methods
- Ability to respond to and interpret security incidents, and to provide root cause analysis.
- Demonstrable ability to perform system and log level forensics, while preserving evidence.
- Excellent problem solving and troubleshooting skills.
- A “self-starter” capable of autonomous working, direction and goal setting.
- Written and verbal communication skills along with the demonstrable ability to communicate complex, technical information to both technical and non-technical audiences
- Be valued and respected for collaboration, integrity and enablement.
- Strong networking skills with experience of business enabling risk management
- Experience of developing and leading innovative solutions and “thinking outside of the box”.
- Ability to analyze complex situations, assessing risks and balancing strategic and tactical Security requirements with business pragmatism, risk appetite and innovation.
- To be able to work both independently and with others, documenting and sharing solutions
- Technical Competence – Requirement to have a relevant technical degree, competence or equivalent (CISSP, CISM, CCSP)and also competence to lead various Security initiatives
- 7 years+ experience working in Security, in a complex, multinational, corporate environment
- Experience of working in other IT disciplines and across a range of industries and sectors
- Good knowledge of Security standards such as ISO27001.
- In addition, candidates will be expected to demonstrate:
- Strong oral and written communication skills in English, particularly in communicating overviews of complex technical topics to business customers
- Solid Team Player
Key Relationships to reach solutions
Internal (to AZ or team)
- CSDO Team
- Release Management
- SOC Tools team
- Infrasrtucture Team
- Application Support
External (to AZ)
- Third party suppliers
- External networks
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.