Director, Cyber Security Detection Engineering

AstraZeneca


Job Location:

Gaithersburg, MD - USA

Monthly Salary: $ 169320 - 253980
Posted on: 12 days ago
Vacancies: 1 Vacancy

Job Summary

Leverage technology to impact patients and ultimately save lives

Do you have expertise in and passion for information technology? Would you like to apply your expertise to impact the IT strategy in a company that follows the science and turns ideas into life changing medicines? If so, AstraZeneca might be the one for you!

ABOUT ASTRAZENECA

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialization of prescription medicines for some of the world's most serious disease.

But we're more than one of the world's leading pharmaceutical companies. At AstraZeneca we're dedicated to being a Great Place to Work.

ABOUT ROLE:

The Director, Cyber Security Detection Engineering is a senior leader in the Cyber Operations function, based in Gaithersburg, Maryland, working with the Head of Cyber Operations. The role encompasses command of enterprise detection capabilities across cloud, on-premises and OT/ICS environments; ownership of detection governance and validation; and delivery of executive reporting, coverage assessments and capability maturation in partnership with GSOC, CTI, Vulnerability Management, Offensive Security, IT, Legal, Risk and Compliance, and business customers.

What You'll Do:

  • Detection strategy and roadmap: Direct the development and execution of comprehensive detection engineering programmes aligned to interpersonal risk appetite and threat landscape; establish capability roadmaps spanning data engineering, detection development, purple teaming and automation/AI.

  • Data engineering oversight: Ensure robust data pipelines support detection activities through telemetry collection, normalization and quality assurance across hybrid and OT environments; define data retention, schema standards and platform configuration to enable effective threat detection.

  • Detection content development: Oversee creation, testing and deployment of detection logic across SIEM, EDR and cloud-native tooling; enforce detection standards, naming conventions and MITRE ATT&CK mapping; prioritise coverage based on threat intelligence and risk assessments.

  • Purple Team Exercising: Oversee purple team operations to validate detection efficacy systematically; orchestrate adversary emulation exercises across technology domains; drive remediation of detection gaps identified through testing and operational feedback.

  • Automation and AI integration: Operationalise AI agents, machine learning models and orchestration workflows to enhance detection accuracy, reduce false positives and augment GSOC analyst capabilities; oversee development of automated enrichment, triage and investigation playbooks.

  • Metrics and reporting: Own detection engineering targets (e.g. MITRE ATT&CK coverage, mean time to detect, false positive rates, purple team success metrics) and deliver executive-ready briefings, dashboards and quarterly maturity assessments.

  • Policy and governance: Develop and enforce detection engineering policies, standards and quality frameworks; maintain detection content libraries with version control and organizational change field; ensure regulatory compliance in data handling.

People Leadership:

  • Strategy and planning: Develop and maintain detection engineering area plans aligned to Cyber Operations strategy; set direction and goals with autonomy across data engineering, detection development, purple teaming and automation functions.

  • Performance and tiers: Define and review reporting and team targets; align objectives to detection outcomes, coverage improvements and operational efficiency.

  • Talent and capability: Lead inclusive recruitment; build career paths and targeted upskilling in detection development, threat hunting, cloud security, OT/ICS detection and SOAR/AI through multi-functional, regional and external partnerships.

Knowledge, Experience and Understanding Of:

  • Detection engineering lifecycle: Proven leadership across detection development, testing, deployment and tuning at enterprise scale; deep understanding of detection logic design, coverage mapping and efficacy validation.

  • Threat detection frameworks: Extensive knowledge of MITRE ATT&CK, Cyber Kill Chain and detection engineering methodologies; experience mapping organisational coverage and prioritising development based on threat intelligence.

  • Purple team operations: Experienced in designing and accomplishing adversary emulation exercises; skilled in translating purple team findings into actionable detection improvements and coverage enhancements.

  • Automation and AI: Experience operationalizing modern detection platforms (SIEM, XDR, SOAR) including integration of artificial intelligence, machine learning models and agentic features to enable detection at scale.

  • Data engineering and platforms: Proficient with data pipeline architecture, log aggregation, normalisation and query optimisation; solid grasp of data quality requirements for effective detection.

  • Cloud, identity and endpoint detection: Deep understanding of detection approaches across multi-cloud environments, identity systems, endpoints and network infrastructure; familiar with cloud-native security services and integration patterns.

  • Manufacturing Operational Technology/Industrial Control Systems: Coordinating detection engineering in industrial/OT environments with safety, availability and production continuity considerations; knowledge of industrial protocols and OT-specific threats.

Minimum Skills & Experience Required

  • Education: Bachelor's degree in information security, computer science or related field (or equivalent experience).

  • Enterprise-scale detection leadership: Over 5 years managing detection engineering or security operations in enterprise-sized organisations, commanding capabilities across hybrid cloud, on-premises and OT environments.

  • Global coordination with distributed teams: Experience integrating and working alongside global, 24/7, geographically dispersed teams to deliver detection capabilities and support security operations missions.

  • Communication and facilitation: Well-developed skills to explain complex technical concepts in clear business terms; produce concise written material (executive updates, coverage reports); and lead briefings to diverse stakeholders.

  • Analytical decision making: Ability to analyse complex threat landscapes, assess detection gaps and balance strategic capability development with tactical operational requirements, risk appetite and resource constraints.

  • Customer orientation and cross-cultural working: Demonstrated ability to collaborate across regions and functions (GSOC, IT, Legal, GRC, business units) with a strong service approach and commitment to enabling organisational resilience.

Preferred Skills & Experience:

  • Certifications: Security certifications preferred (e.g. CISSP, CISM, GIAC such as GCIA/GCDA/GMON; cloud certifications; ITIL).

When we put unexpected teams in the same room, we unleash bold thinking with the power to encourage life-changing -person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

The annual base pay for this position ranges from $169320.00 - $253980.00 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors including market location job-related knowledge skills and addition our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program 401(k) plan; paid vacation and holidays; paid leaves; and health benefits including medical, prescription drug, dental and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an at-will position and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Are you ready to bring new insights and fresh thinking to the table? Fantastic! We have one seat available and we hope it's yours. Apply today.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds with as wide a range of perspectives as possible and harnessing industry-leading skills. We believe that the more inclusive we are the better our work will be. We welcome and consider applications to join our team from all qualified candidates regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment) as well as work authorization and employment eligibility verification requirements.

WHY JOIN US

We're a network of high-reaching self-starters who contribute to something far bigger. We enable AstraZeneca to perform at its peak by delivering premier technology and data solutions.

We're not afraid to take ownership and run with it. Empowered with unrivalled freedom. Put simply, it's because we make a significant impact. Everything we do matters.

Date Posted

28-May-2026

Closing Date

17-Jun-2026

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and furtherance of that mission we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.


Required Experience:

Director


About Company


AstraZeneca is an equal opportunity employer. AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, ...