Cyber Operations Senior Detection Engineer
Gaithersburg, MD - USA
Job Summary
Leverage technology to impact patients and ultimately save lives
Do you have expertise in and passion for information technology? Would you like to apply your expertise to impact the IT strategy in a company that follows the science and turns ideas into life-changing medicines? If so, AstraZeneca might be the one for you!
ABOUT ASTRAZENECA
AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialization of prescription medicines for some of the world's most serious diseases. But we're more than one of the world's leading pharmaceutical companies. At AstraZeneca we're dedicated to being a Great Place to Work.
ABOUT ROLE
The Senior Detection Engineer is a technical specialist within the Global Security Operations Centre (GSOC) based in Gaithersburg, Maryland, working with the Director, Cyber Security Detection Engineering. The role is characterised by leadership of detection content development initiatives that protect enterprise assets across cloud, on-premises and OT/ICS environments. Responsibility is held for the design, implementation and optimisation of detection logic through which threats are identified, investigated and mitigated with precision and efficiency.
WHAT YOU'LL DO
Detection engineering initiatives: oversee detection engineering efforts across multiple projects spanning threat coverage, detection logic development and efficacy validation; technical guidance is provided to ensure that detection capabilities address the most significant threats across all technology domains.
Advanced detection frameworks and methodologies: implement detection engineering frameworks to enhance the organisation's defensive posture through improved threat coverage, reduced false positives and accelerated threat identification; industry guidelines for detection engineering are adopted and tailored to organizational requirements.
Enterprise-wide detection content library development and management: design and optimize detection libraries to ensure comprehensive coverage of adversary tactics, techniques and procedures as defined by frameworks such as MITRE ATT&CK; detection logic is developed that balances sensitivity with operational efficiency.
Detection development oversight: provide technical guidance of detection development operations, including coordination with external suppliers and platform vendors for comprehensive threat coverage; detection performance is monitored, and issues are called out and resolved in collaboration with relevant collaborators.
Proactive detection development and coverage management: proactively expand detection coverage through periodic assessments of threat landscape evolution, detection gaps and emerging attack techniques; critical coverage deficiencies are identified and resolution is driven through systematic detection development.
Stakeholder management: maintain engagement with security leadership to communicate emerging detection requirements driven by threat intelligence and incident findings; strategic action plans are proposed for addressing coverage gaps and enhancing detection capabilities.
External partner relationship management: maintain and develop relationships with external partners, threat intelligence providers and industry peers to identify innovative detection approaches and emerging techniques applicable to enterprise defence.
As a Specialist:
Technical guidance and expertise: support the definition of detection standards, development methodologies and quality frameworks within the detection engineering domain; critical detection failures are addressed through deep technical knowledge and systematic analysis.
Continuous improvement: find opportunities to improve and enhance the performance of detection logic, reduce false positives and improve threat identification accuracy; opportunities for detection automation and orchestration are pursued proactively.
Implement innovative detection engineering solutions: identify and manage new detection engineering solutions, including adoption of new detection techniques, behavioural analytics and machine learning approaches; training and organizational change activities are led to ensure successful adoption.
Technical guidance and mentorship: provide ongoing technical guidance and mentoring to detection engineering team members and security analysts regarding detection logic development, threat hunting techniques and effective use of detection platforms.
Maintain training and awareness materials: develop and maintain training and awareness materials regarding detection engineering practices, threat actor TTPs and effective investigation methodologies; knowledge is shared to enable security operations teams to leverage detection capabilities effectively.
Knowledge, Experience and Understanding of:
Detection engineering fundamentals: Deep expertise in detection logic design, threat modelling and coverage mapping; extensive experience with detection development across diverse platforms and environments applied to enterprise-scale operations.
Threat detection frameworks: Comprehensive familiarity with MITRE ATT&CK, Cyber Kill Chain and detection engineering methodologies; understanding of how adversary techniques manifest across different technology domains and how detection logic must be adapted accordingly.
Detection platforms and tooling: Substantial hands-on experience with enterprise detection platforms including SIEM, EDR, NDR and cloud-native security services; advanced proficiency in platform-specific query languages, rule formats and detection logic development.
Threat intelligence: Working knowledge of how threat intelligence is consumed and turned into actionable detection logic; understanding of indicator types, threat actor TTPs and prioritization of detection based on intelligence.
Scripting and automation: Advanced proficiency in scripting languages such as Python, PowerShell or similar for detection logic development and automation tasks; experience with detection-as-code practices and version control for detection content.
Detection formats and standards: Extensive experience with standardised detection formats including Sigma rules, YARA signatures and platform-specific query languages; ability to develop detection logic that is portable and maintainable across platforms.
Performance optimization: Deep understanding of detection tuning, false positive reduction and query optimisation techniques; proven ability to balance detection sensitivity with operational efficiency.
OT/ICS detection considerations: Familiarity with operational technology environments and the unique constraints affecting detection in industrial settings; awareness of safety implications and availability requirements that influence detection approaches.
Purple team collaboration: Experience working with offensive security teams to validate detection efficacy and identify coverage gaps; understanding of how adversary emulation informs detection improvement.
Minimum Skills & Experience Required
Education: Bachelor's degree in information security, computer science or a related field (or equivalent experience).
Technical expertise: At least five (5) years of experience in detection engineering, preferably within security operations centres or detection engineering teams; demonstrated success in leading detection initiatives and implementing innovative approaches at enterprise scale.
Detection platform expertise: Deep hands-on experience with at least one major detection platform, including advanced detection logic development, tuning and validation; recognised internally as an expert in detection capabilities and standards.
Threat landscape knowledge: Working experience with threat intelligence, adversary TTPs and attack techniques across cloud, on-premises and OT environments; familiarity with how threats evolve and how detection strategies must adapt.
Global collaboration: Experience working in a global organisation with geographically dispersed teams and partners, including matrix working environments; ability to coordinate across time zones and cultural contexts.
Collaborator engagement: At least five (5) years of experience collaborating with security operations teams, incident responders and threat intelligence analysts to identify, document and address detection requirements; proven ability to manage relationships and communications with third-party suppliers and vendors.
Project delivery: Experience delivering and managing large-scale detection engineering projects, including planning, execution and organizational change; ability to navigate dependencies across multiple teams and technical domains.
Problem-solving and innovation: Recognised internally as an expert problem solver for complex detection challenges; track record of designing, shaping and implementing innovative detection solutions that address emerging threats.
Ability to adapt communication style and interact confidently to influence diverse audiences based on their outstanding perspectives. Skilled in facilitating collaboration through open dialogue and information exchange.
Mentoring and guidance: Proactive engagement with teams for coaching and mentoring from both technical and behavioural standpoints; commitment to enabling skill-building and fostering a healthy ecosystem of knowledge sharing across detection engineering and security operations teams.
When we put unexpected teams in the same room, we unleash bold thinking with the power to encourage life-changing -person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
The annual base pay for this position ranges from $136,044.00 - $204,066.00 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills and addition our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered include a qualified retirement program (401(k) plan); paid vacation and holidays; paid leaves; and health benefits including medical, prescription drug, dental and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, the employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.
Are you ready to bring new insights and fresh thinking to the table? Fantastic! We have one seat available and we hope it's yours. Apply today.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds with as wide a range of perspectives as possible and harnessing industry-leading skills. We believe that the more inclusive we are the better our work will be. We welcome and consider applications to join our team from all qualified candidates regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment) as well as work authorization and employment eligibility verification requirements.
WHY JOIN US
We're a network of high-reaching self-starters who contribute to something far bigger. We enable AstraZeneca to perform at its peak by delivering premier technology and data solutions.
Date Posted
28-May-2026
Closing Date
17-Jun-2026
Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants, and in furtherance of that mission we welcome and consider applications from all qualified candidates regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.
Required Experience:
Senior IC
About Company
AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, ...