Senior Security Platform Engineer

AstraZeneca


Job Location:

Guadalajara - Mexico

Monthly Salary: Not Disclosed
Posted on: 14 hours ago
Vacancies: 1 Vacancy

Job Summary

Introduction to Role

Are you ready to engineer and run security platforms at global scale, platforms that keep critical science safe and moving? Join a high-impact team protecting the infrastructure that enables researchers, engineers and clinicians to deliver life-changing medicines.

This is a hands-on, high-autonomy role centred on Microsoft Sentinel and Microsoft Defender, operating across hybrid and cloud-native environments. You'll own the health, performance and evolution of our SIEM and EDR platforms: tuning configurations, validating telemetry, elevating alert quality and resolving operational issues so that signals are trustworthy and action is fast. You'll also support NAS Protect and related protection capabilities across endpoint, network, identity, storage and cloud.

We're looking for someone who brings critical thinking, automation instincts and a genuine AI-first mindset: someone who sees repetitive toil and immediately thinks "how do I make a machine do this better than I can?" If you've lived through a SIEM migration (particularly Splunk to Sentinel), you already know the kind of complexity and reward this role delivers.

This role is based in Guadalajara, Mexico, with a hybrid model requiring a minimum of three days on-site per week.

Accountabilities

  • Security tooling operations: Independently run enterprise security tools including SIEM (Microsoft Sentinel), EDR (Microsoft Defender), NAS Protect and related platforms to keep them stable, secure and operationally effective.

  • Platform administration and support: Maintain platform health through configuration, agent and connector support, telemetry onboarding, troubleshooting, tuning, upgrades and performance optimization.

  • Platform migration and modernization: Support or lead the transition, integration and optimization of security platforms across vendor ecosystems, including SIEM migrations, EDR transformations and telemetry pipeline modernization, ensuring continuity of detection and protection capabilities throughout.

  • Monitoring and analytics enablement: Enable high-quality monitoring and analytics with effective data ingestion, parsing, normalization, alerting logic, dashboards, telemetry validation and detection-enabling content. Apply AI-assisted triage, enrichment and automation where appropriate to improve speed and reliability.

  • Protection tooling support: Optimize protection coverage and policy effectiveness for EDR, NAS Protect and other technologies; ensure agent health, event quality and integration with broader security and IT services.

  • Continuous improvement and automation: Lead or contribute to improvements in tool configuration, service quality, procedures, automation, documentation, standards and support models, actively leveraging AI and machine learning to reduce toil, increase resilience and accelerate outcomes.

  • Service management processes: Operate and improve incident, problem, change and release processes for security tooling to meet service expectations and business needs.

  • Governance and compliance: Operate tools in line with policy, access control, retention and security data handling requirements, ensuring audit readiness in a regulated enterprise environment.

  • Risk and issue management: Identify and escalate operational risks, control gaps, integration weaknesses and performance concerns; contribute to assessment, remediation and prioritization.

  • Project and initiative delivery: Contribute to and, when assigned, lead small-to-medium tooling initiatives such as onboarding, upgrades, migrations, telemetry expansion, integration enhancements and modernization.

  • Stakeholder collaboration: Partner with SOC, Incident Response, Threat Intelligence, Infrastructure, Cloud, Network, Identity, Storage and GRC teams, plus vendors, to shape practical solutions that meet operational and business needs.

  • Technical guidance and mentoring: Advise stakeholders on capabilities and constraints; mentor colleagues on platforms, processes and controls.

Essential Skills/Experience

  • Experience: Typically 5 years in cyber security technologies and processes, with strong hands-on experience in security tooling engineering, administration or operations in large enterprise environments.

  • Microsoft Security platform expertise: Hands-on experience engineering, administering or operating Microsoft Sentinel (or equivalent enterprise SIEM) and Microsoft Defender (or equivalent enterprise EDR). Experience with KQL, analytic rules, workbooks, data connectors and Defender policy management is expected.

  • Tooling breadth: Practical experience operating and supporting additional security platforms, which may include NAS Protect, security analytics platforms, endpoint security tooling, storage protection tools, logging pipelines, cloud security tools, identity-related security tooling, network security technologies or related cyber security platforms.

  • Operational capability: Experience in platform configuration, troubleshooting, telemetry onboarding, connector or agent management, policy tuning, integration support, upgrade coordination and performance optimization.

  • Automation and scripting: Experience using scripting or automation (PowerShell, Python, KQL, Logic Apps or similar) to improve operational efficiency, service quality and platform supportability.

  • AI and automation mindset: Demonstrated interest or experience in applying AI, copilots or machine learning to security operations, whether that's automated triage, playbook generation, enrichment workflows, detection tuning or operational efficiency. You don't need to be a data scientist; you need to be someone who actively looks for ways to automate toil and isn't waiting for permission to experiment.

  • Cyber security analysis: Practical understanding of security risk identification, telemetry analysis, log review, operational issue investigation and platform-related response support.

  • Governance and compliance awareness: Experience supporting tools in regulated and compliance-aware environments, including security data governance, access controls, retention, auditability, policies, standards and procedures.

  • Cross-functional collaboration: Demonstrated ability to work effectively with technical teams, business stakeholders, suppliers and service partners across a complex and matrixed environment.

  • Execution and prioritization: Proven ability to manage competing priorities, define realistic plans, solve problems effectively and deliver secure, stable and supportable outcomes.

  • Communication and influence: Strong communication, active listening and collaboration skills, with the ability to influence peers and stakeholders to achieve common goals.

  • Adaptability: Ability to learn new tools quickly, adapt to evolving hybrid, cloud-native and vendor-based security ecosystems, and flex across products as the tooling landscape evolves. Comfort working across multiple vendor platforms without rigid allegiance to any single stack.

  • Education: Bachelor's degree in information security, computer science, engineering or a related field, or equivalent practical experience.

Desirable Skills/Experience

  • SIEM migration experience, particularly Splunk to Microsoft Sentinel, or equivalent large-scale platform transformation, telemetry modernization or EDR migration experience.

  • Experience working in a global, regulated organization with geographically dispersed and multicultural teams.

  • Knowledge of recognized security and compliance frameworks such as NIST CSF, ISO 27001, CIS Controls and regulated control environments such as SOX, GxP or equivalent.

  • Experience supporting vendor-managed tooling, managed detection services, audit activities, control reviews, service reviews or compliance assessments.

  • Experience contributing to cost-effective, sustainable and supportable technology operations, including awareness of license usage, support overhead, operational efficiency and service value.

  • Relevant security certifications applicable to the tooling or platform domain (e.g. SC-200, SC-100, AZ-500 or equivalent).

  • Hands-on experience applying AI and machine learning concepts in cyber security operational use cases (e.g. Microsoft Security Copilot, custom automation with LLMs, ML-based anomaly detection).

Why AstraZeneca

Here, innovation meets large-scale impact. You'll join a diverse group of inclusive self-starters who build from scratch as a collective, sharing ideas, challenging assumptions and taking accountability to make them real. We connect across the business and with external partners, applying advanced techniques and modern tooling to protect the data and platforms that speed therapies to patients.

You'll work in a team that's actively transforming its tooling landscape: migrating platforms, embedding AI into daily operations and challenging the status quo of how security engineering gets done. You'll work alongside deep specialists, leverage cutting-edge approaches in automation and machine learning, and grow fast through complex, varied work, ambitious in our goals and kind in how we get there.

Ready to own the platforms that protect the science? Apply now and bring your curiosity, your automation instincts and your best migration war stories.

Date Posted

26-may-2026

Closing Date

14-jun-2026

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.


Required Experience:

Senior IC


About Company


AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, ...
