Cybersecurity Senior Engineer

**About AstraZeneca**:At AstraZeneca, we are a global, science-led, patient-focused biopharmaceutical company dedicated to discovering, developing, and commercializing prescription medicines for some of the world's most serious diseases.But we are more than one of the world's leading pharmaceutical companies—we are a place where innovation thrives and bold thinking is embraced to drive transformative medicines.**About Our Team**:Our environment is dynamic and encourages collaboration among diverse teams.We believe that when unexpected teams come together, we unleash bold thinking with the power to inspire life-changing medicines.You'll have countless opportunities to learn and grow, whether it's exploring new technologies or redefining the way we work.Shape your own path, with support every step of the way.**About the Role**:We are dedicated to building secure, resilient, and trustworthy products for our customers.Our cybersecurity team is crucial to this mission, ensuring our systems and solutions are designed with security at their core.We are seeking a **Trust by Design Cybersecurity Senior Engineer** to join our team and drive the integration of trust and security into every stage of our product development lifecycle.**Key Responsibilities**:- ** System Development Lifecycle (SDLC) Integration**: Integrate security into each phase of the SDLC, ensuring it's a primary consideration from design to deployment.- ** Threat Modeling & Risk Analysis**: Identify and assess potential security risks and vulnerabilities within system architecture and product design.Lead threat modeling exercises to proactively detect risks early in the development lifecycle.- ** Security Architecture & Design Patterns**: Develop and enforce security-focused architecture and design patterns to improve system resilience across products and services.Build reusable, scalable security controls adaptable to various development teams.- ** OWASP Recommended Patterns**:Integrate OWASP's advised secure coding patterns, embedding security standard methodologies into the software development process aligned with industry standards.- ** Security Automation & Resilience**: Collaborate with engineering teams to implement automated security testing and monitoring solutions that promote early detection of threats and enhance system resilience.- ** Collaboration**:Collaborate with engineering, DevOps, and other teams to encourage and implement standard methodologies for security, promoting a culture of prioritizing security.Provide guidance on secure coding practices, vulnerability management, and compliance requirements.- ** Incident Response & Remediation**: Assist in security incident investigations and contribute to developing remediation strategies to prevent future incidents.- ** Continuous Improvement**: Stay up-to-date with industry trends and emerging security technologies.Share knowledge and contribute to continuous improvements in security processes, tools, and frameworks.**Essential Qualifications**:- Bachelor's degree in Computer Science, Cybersecurity, Engineering, or related field (or equivalent experience).- Proven experience in the system development lifecycle (SDLC), software/product development, or software security.- Deep understanding of security principles, threat modeling, and risk management.- Expertise in security frameworks, security tooling, and secure coding practices.- Strong experience in building and maintaining security architectures and reusable security design patterns.- Hands-on experience with tools and technologies for vulnerability scanning, penetration testing, and security automation.- Excellent problem-solving skills with the ability to think critically about security threats and mitigation strategies.- Strong communication skills, effectively engaging with both technical and non-technical collaborators.**Desirable Qualifications**:- Deep understanding of attack patterns, TTPs, and experience developing compensating and mitigating controls to enhance trust and resilience.- Extensive hands-on experience with OWASP recommended security patterns and standard methodologies.- Experience with cloud environments (AWS, Azure, GCP) and containerization technologies (Docker, Kubernetes).- Certifications such as CISSP, CISM, CEH, or similar.- Familiarity with regulatory frameworks (GDPR, HIPAA, PCI DSS) and industry standard methodologies.- Experience working in Agile or DevOps environments.**Why Join Us?**:At AstraZeneca, you'll be part of a team committed to making products that customers trust.You'll have the opportunity to work on innovative and impactful security challenges and play a key role in shaping the security culture of our organization.We offer competitive compensation, benefits, and a collaborative work environment where your expertise will make a direct impact.When we bring unexpected teams together, we unleash bold thinking that can inspire life-ch