
Job Description

Job Title: Lead Consultant-Threat Detection Engineer

Career Level: E

Introduction to role


The Enterprise Technology Services (ETS) team is responsible for all Security, IT Operations, Infrastructure, and End User Services and Technologies. This group ensures that our IT Services are seamless and secure, delivering technology in an efficient, effective, and agile manner with a strong focus on experience. It’s a dynamic and challenging environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons or transforming the roles and work of colleagues forever. This is your chance to be part of a team that has the backing to innovate, redefine an industry, and change lives.


In today's digital world, the role of threat detection is essential for maintaining the security and integrity of an organization's information systems. As a threat detection engineer, you will be at the forefront of identifying, analyzing, and mitigating potential security threats that could compromise sensitive data or change business operations. This role requires a keen eye for detail, a thorough understanding of cybersecurity principles, and the ability to stay ahead of evolving threats. By employing advanced tools and techniques, you will play a pivotal role in safeguarding the organization's assets and ensuring a secure digital environment.


Accountabilities:
  • Design and implement threat detection mechanisms across cloud, on-premises, and third-party collaboration platforms to identify suspicious activities and potential threats.
  • Develop, test, and deploy high fidelity signature and anomaly-based detections.
  • Partner with engineering teams to build and maintain pipelines for collecting and processing relevant security telemetry.
  • Research emerging threat vectors and align detection and response capabilities with the evolving threat landscape.
  • Continuously refine detection rules and address systemic issues by collaborating with engineering teams.
  • Automate detection and response workflows, including playbooks and processes.
  • Facilitate log data onboarding into the SIEM.
  • Correlate and analyze data from diverse sources to uncover threats.
  • Enhance detection workflows with automation and enriched alerts.
  • Use expertise across multiple security domains, with a focus on two or more areas such as detection engineering, digital forensics, incident response, threat hunting, threat intelligence, or malware analysis.
  • Prepare reports and metrics related to threat detection efficacy and coverage.
Essential Skills/Experience
  • 3+ years in Security Incident Response and Detection Engineering.
  • Degree in Computer Science, Information Security, Cybersecurity, or equivalent experience.
  • Eager to learn new technologies and methodologies to counter evolving threats.
  • Strong English communication and interpersonal skills to collaborate with multi-functional teams and explain technical concepts to non-technical individuals.
  • Experience creating detection rules using SPL, KQL, or Tanium signals, including tuning and correlation.
  • Strong knowledge of MITRE ATT&CK and adversary tactics, techniques, and procedures.
  • Hands-on experience with EDR tools such as Microsoft Defender for Endpoint, Tanium, and Trend Micro.
  • Ability to assess diverse data sources to develop relevant and impactful detections.
  • Strong understanding of false positive vs. true positive alerts.
  • In-depth knowledge of anti-malware, EDR, firewalls, proxies, IDS/IPS, Windows/Linux OS, Active Directory, and cloud environments.
Desirable Skills/Experience
  • Experience with SIEM and SOAR platforms (e.g., Splunk).
  • Proficiency in programming and scripting languages, including expertise in using Regular Expressions (REGEX).
  • Previous experience working with the Cyber Threat Intelligence (CTI) team to develop threat detections through collaboration.

AstraZeneca offers an environment where your work has a direct impact on patients by transforming our ability to develop life-changing medicines. We empower the business to perform at its peak by combining cutting-edge science with leading digital technology platforms. With a passion for data, analytics, AI, machine learning, and more, we drive cross-company change to redefine the entire industry. Here you can innovate, take ownership, explore new solutions, and tackle challenges in a modern technology environment.


Join us at this crucial stage of our journey in becoming a digital and data-led enterprise. Apply now!


When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.


At AstraZeneca, our work has a direct impact on patients by transforming our ability to develop life-changing medicines. We empower the business to perform at its peak by combining cutting-edge science with leading digital technology platforms and data. Join us at a crucial stage of our journey in becoming a digital and data-led enterprise. Here you can innovate, take ownership, and run with it. Our dynamic environment offers countless opportunities to learn and grow while making a meaningful impact.


WHY JOIN US?



At AstraZeneca when we see an opportunity for change, we seize it and make it happen, because any opportunity no matter how small, can be the start of something big. Protecting the people, processes, and technologies required to develop and deliver life-changing medicines is about being entrepreneurial - finding those moments and recognizing their potential. Join us on our journey of building a new kind of organization to reset expectations of what cybersecurity can look like. This means we’re opening new ways to work, pioneering cutting-edge methods, and bringing unexpected teams together.



Interested? Come and join our journey.



SO, WHAT’S NEXT?
Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you.
WHERE CAN I FIND OUT MORE?
Follow AstraZeneca on LinkedIn
https://www.linkedin.com/company/1603/
Follow AstraZeneca on Facebook
https://www.facebook.com/astrazenecacareers/
Follow AstraZeneca on Instagram
https://www.instagram.com/astrazeneca_careers/?hl=en

Date Posted


06-Feb-2025

Closing Date


AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.


