Technical Remediation Specialist

Do you excel at turning complex security findings into scalable fixes that measurably reduce risk Are you ready to orchestrate multi-team remediation that protects critical platforms and accelerates the delivery of life-changing medicines to patients

In this role you will be the connective tissue between penetration testing outputs domain experts and governance decision-makers. You will dissect vulnerabilities to uncover true root causes translate them into practical remediation plans and drive them to closure. Your work will directly strengthen the resilience of the technology our scientists and colleagues rely on every day enabling the business to move faster without compromising safety.

You will thrive at the intersection of analysis execution and communicationworking across networks cloud applications infrastructure and SaaS to land security-by-default outcomes. This is a hands-on outcomes-focused role where progress is visible in dashboards reduced risk curves and fewer repeat findings.

Accountabilities:

• Findings Analysis and Root Cause: Review penetration test and assessment findings break down vulnerabilities to underlying control and process gaps and identify the most effective remediation steps for each issue
• Cross-Domain SME Collaboration: Partner with experts across network development infrastructure applications cloud SaaS and security to co-design and implement remediation solutions that land and scale.
• Remediation Solutioning and Deployment: Translate analysis into practical changes across configurations code and controls; align with organizational security requirements and best practices; drive remediation to closure.
• Governance Alignment and Exceptions: Map remediation plans to enterprise frameworks and guardrails; prepare decision records and exception rationales; support review boards to achieve secure-by-default outcomes
• Risk-Based Decisions and Communication: Recommend pragmatic remediations that balance security usability performance and effort; quantify risk reduction and residual risk; tailor strategies and status updates for technical and non-technical audiences including senior leaders.
• Reporting and Transparency: Produce dashboards and executive summaries showing progress blockers and shifts in risk posture; drive cross-functional visibility and timely decision-making.
• Scale and Continuous Improvement: Convert recurring patterns into standards playbooks and runbooks to accelerate future remediation and reduce repeat findings.

Essential Skills/Experience:

• Security gap analysis and remediation solutioning: Demonstrated technical depth to interpret complex findings identify root causes across controls and processes and translate them into welldesigned remediation solution i.e. defining priority actions guardrails and success criteria while prioritizing mitigations using qualitative and quantitative risk analysis.
• Identity network endpoint and infrastructure remediation: Strong command of crossdomain controls and common misconfigurations across IAM (authN/authZ federation conditional access PAM/workload identities) network/segmentation and secure remote access endpoint/server hardening and vulnerability management and core cloud/onprem infrastructureable to diagnose issues define corrective actions and drive closure at scale.
• Remediation playbook development: Experience converting findings into stepwise remediation plans standards updates and operational runbooks executable at scale.
• Crossdomain control familiarity: Working knowledge of common issues and fixes across cloud platforms Kubernetes/containers SaaS endpoints servers networks and OT/IoT to partner effectively with SMEs.
• Tooling for remediation: Familiarity with CNAPP/container security EDR/XDR SIEM/SOAR API gateways/WAF cloud posture management configuration baselining (e.g. CIS benchmarks) and enterprise SaaS administration to operationalize corrective actions.
• API and application issue mitigation: Understanding of OAuth2/OIDC mTLS token lifecycles rate limiting schema validation WAF/gateway policies and abuse detection to specify corrective steps.
• Program execution: Demonstrated orchestration of multiteam remediation efforts managing backlogs SLAs and dependencies to deliver outcomes amid competing priorities.
• Executive and technical communication: Ability to present options constraints and risks to senior leaders and SMEs; facilitate decisions and tailor messaging for executive product and engineering audiences.

Desirable Skills/Experience:

• Insight to GRC and regulatory frameworks: ISO 27001/27002 NIST CSF/800-53/800-207 SOC 2 HIPAA GDPR; control mapping shared responsibility in cloud and compliance/risk reporting.
• AI security and governance familiarity (LLMs/generative AI): data/model provenance prompt-injection defenses output validation privacy/PII safeguards usage guardrails.
• Identity Zero Trust and PAM: Enterprise strategies for identity/federation conditional access continuous verification privileged access session/credential management workload identities and segmentation
• Experience mapping attack chains (e.g. MITRE ATT&CK) and selecting controls that degrade adversary paths; ability to quantify risk reduction.
• Knowledge of legacy-to-modern migrations (hybrid identity network segmentation VDI/Citrix hardening) and deprecation strategies for insecure configurations.
• Exposure to DevSecOps and automation: Policy-as-code IaC/container scanning golden pipelines preventative guardrails drift detection and detections-as-code.
• Relevant certifications: CISSP CISM CCSP SABSA TOGAF AZ-500 AWS Security Specialty.

When we put unexpected teams in the same room we unleash bold thinking with the power to inspire life-changing -person working gives us the platform we need to connect work at pace and challenge perceptions. Thats why we work on average a minimum of three days per week from the office. But that doesnt mean were not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

Why AstraZeneca

Here technologists work shoulder-to-shoulder with scientists data experts and product leaders to unlock the potential of modern platforms AI and analytics in service of patients. You will have real ownership to experiment with cutting-edge tools simplify complex environments at scale and turn bold ideas into tangible outcomes that protect our enterprise and speed discovery. We invest in your growth with coaching learning and diverse projects valuing kindness alongside ambition so you can stretch yourself while making a visible impact across the business.

If you are ready to transform analysis into action and reduce risk at scale submit your application today to help safeguard our platforms and accelerate the delivery of life-changing medicines.

Date Posted

Closing Date