Cyber Security Manager Penetration Testing

**Cyber Security Manager Penetration Testing****Chennai, (India) Guadalajara (Mexico)****BS. V6****ABOUT THE ENTERPRISE TECHNOLOGY SERVICES TEAM**The Enterprise Technology Services (ETS) team is accountable for all Infrastructure, Security, IT Operations and all End User Services and technologies. This group will ensure that our IT Services are seamless and secure, and that technology is delivered in an efficient, effective, and agile way, with a strong focus on experience. It’s a dynamic and challenging environment to work in - but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever. This is your chance to be part of a team that has the backing to innovate, disrupt an industry and change lives.**JOB ROLE**The focus on Digital, AI & ML, Data & Data Science along with joint ventures and collaboration with third parties are creating new opportunities within the Cyber Security team. Cyber Security will need to be the cornerstone of our IT strategy as we move towards our future objectives. This person will be involved in the below.- Understand that security is a journey and not a destination. Cyber Security is not something that can be “fixed”, and we instead need to focus on innovation to maintain sustainable risk position against the evolving threat landscape.- Understand that we can’t just buy our way out of a Cyber Security problem. Technology may win the battle, but it won’t win the war.- Understand that Cyber Security is not just dealing with individual hackers. We are potentially working against state-sponsored attacks and multi-billion dollar organized crime syndicates.- Understand attackers, their motivations and their ways of working to be able to get ahead and keep ahead of them.**KEY RESPONSIBILITIES**- You’ll need to collaborate with Business, Solution Delivery, Engineering, and Quality and Compliance functions across a global organisation spanning US, UK, Sweden, China, Japan, Poland, Mexico, India and beyond.The core accountabilities for the role include:- Leading a team of technical specialists who partner with AstraZeneca’s Technology Delivery Teams in identifying vulnerabilities and providing remediation plans including timelines.- Drive the development and implementation of standard security review processes that result in effective methods for reducing security risks before product releases- Demonstrate experience handling the demand/supply of project and program resources and tracking resource and task allocation- Demonstrate an ability to influence all project and portfolio partners; communicate relevant security information to both executive leaders and individual contributors in an effective manner.- Bring a deep background and broad experience in Application Security, Development, Testing and Configuration that would support AstraZeneca business areas.- Demonstrate the ability to effectively collaborate with Directors, Managers and Team Members in the pursuit of measurable outcomes and results.- Lead project budgets and scope and conduct resource planning for risks that are proactively identified.- Work across the Cyber Security Architecture and Strategy teams to identify and close gaps in tooling focused on Penetration Testing- Ability to produce effective metrics which report the state of vulnerabilities identified through Penetration Testing- Establish and communicate departmental objectives, ensuring alignment with function and company strategic direction.- Utilize a broad internal and external network of professional contacts and resources to explore new approaches for solving problems and enhancing the department’s capabilities.- Familiarity with Penetration testing, tools, techniques and approaches used by threat actors looking at exploit vulnerabilities**ESSENTIAL EXPERIENCE**- Must have an understanding of OWASP, documentation and artefacts, business logic flaws. Ability to explain vulnerabilities and weaknesses and discuss effective defensive techniques- Must have large enterprise IT experience, ideally with significant Cloud and DevOps exposure- Able to influence at engineering, architecture, strategic and leadership levels- Development experience - ideally with process automation and/or configuration management- Good understanding of agile and DevOps methodologies- Security, compliance and regulatory experience in a public cloud environment- Experience and familiarity with a range of automated deployment tools- Excellent written and oral communication skills- Experience firewalls, content filtering, vulnerability management tools and platforms (Qualys, Tanium, etc.)- Experience planning, researching and developing security policies, standards and procedures- Security administration and auditing across internal and external network and systems including monitoring and syste