Are you ready to lead a high-performing SOC that safeguards the science behind life-changing medicines? Can you turn complex signals into decisive actions that protect our global operations and keep colleagues productive?
In this role you will set the pace for enterprise-scale threat detection and response, guiding a team that hunts, investigates and contains advanced attacks while continuously tuning automation to drive faster, more reliable outcomes. Your decisions will ripple across the business: reducing dwell time, minimizing disruption to critical research and strengthening trust with patients and partners.
Threat Detection and Investigation: Lead investigations using logs, endpoint telemetry and network traffic to rapidly distinguish signal from noise and surface high-impact threats.
Rapid Containment and Eradication: Orchestrate decisive containment actions (account isolation, endpoint quarantine, IP blocking) to stop attacker progression and protect business-critical workloads.
Severity-Based Escalation: Apply structured triage to escalate incidents by severity, impact and SLAs, ensuring the right experts engage at the right time.
IOC and Attack Pattern Analysis: Analyze indicators of compromise and adversary behaviors to anticipate next moves and harden controls against repeat attacks.
Root Cause and Timeline Reconstruction: Drive root cause analysis and detailed timelines that reveal attack paths, control gaps and remediation priorities.
Cross-Tool Correlation: Correlate events across SIEM, EDR, NDR and other sources to build a unified picture that accelerates decision-making.
Automated Response via SOAR: Implement response using SOAR playbooks to scale consistent actions and cut time-to-containment.
Playbook Optimization: Continuously tune playbooks and automation to reduce manual toil, improve precision and increase coverage of repeatable scenarios.
Clear Incident Documentation: Document incidents with evidence, actions taken and outcomes to strengthen learning loops and audit readiness.
Operational Documentation and Knowledge Management: Maintain runbooks, SOPs and response documentation so the team can operate at pace with confidence and clarity.
Investigate security incidents using logs, endpoint telemetry and network traffic
Contain incidents (account isolation, endpoint quarantine, IP blocking, etc.)
Escalate incidents based on severity, impact and SLAs
Analyze indicators of compromise (IOCs) and attack patterns
Perform root cause analysis (RCA) and timeline reconstruction
Correlate events across multiple tools and data sources
Implement response actions using SOAR playbooks
Assist in playbook tuning and automation improvement
Document incidents clearly with evidence and actions taken
Maintain runbooks, SOPs and incident response documentation
Leadership experience guiding SOC analysts, setting incident priorities and improving team performance
Hands-on expertise with major SIEM/SOAR and EDR platforms (e.g. Splunk, Sentinel, QRadar, Cortex XSOAR, CrowdStrike, Microsoft Defender)
Proficiency in automation and scripting (e.g. Python, PowerShell) to extend playbooks and streamline workflows
Cloud incident response experience across AWS, Azure or GCP, including identity controls and network segmentation
Threat hunting, purple teaming and application of frameworks such as MITRE ATT&CK and NIST SP 800-61
Relevant certifications (e.g. CISSP, GCIH, GCIA, GCFA, CCSP, AWS Security Specialty)
Good communication under pressure, translating technical risk into clear business impact and action
Experience operating in a global enterprise environment with follow-the-sun coverage and on-call leadership
When we put unexpected teams in the same room we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work on average a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
Here your craft in cyber defense directly protects the digital backbone that fuels the discovery and delivery of new medicines. You'll collaborate with diverse experts across science and technology, experiment with modern tooling and data-driven approaches, and see tangible impact from your decisions at global scale. Backed by meaningful investment and a culture that values kindness alongside ambition, we bring unconventional teams together to spark bold ideas, then move at pace to make them real, so you can grow, shape the future of security and help safeguard outcomes that matter to patients.
Step forward to lead a SOC built for speed and impact and create the resilient defenses that keep breakthrough science moving!
Date Posted: 29-Jan-2026
Closing Date:
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds with as wide a range of perspectives as possible and harnessing industry-leading skills. We believe that the more inclusive we are the better our work will be. We welcome and consider applications to join our team from all qualified candidates regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment) as well as work authorization and employment eligibility verification requirements.
Required Experience:
Contract
AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, ...