Introduction to role

Cybersecurity sits at the heart of our IT strategy. As we move towards ambitious objectives, we are looking for individuals who focus on innovation to maintain a sustainable risk position against an evolving threat landscape, who recognise that adversaries may include organised crime syndicates or state-sponsored attackers, and who understand attackers' motivations and ways of working.

In this role, you will operate within AstraZeneca's global cybersecurity organisation, collaborating with and influencing multiple functions across China, India, Mexico, Sweden, the US and the UK. Ready to help defend a global enterprise where technology directly supports life-changing medicines?

Accountabilities

In this role, you will engineer cybersecurity solutions across cloud, on-premises and third-party collaboration environments, with a predominant focus on cloud and data. You will collaborate with other teams to perform, assess and evolve IT processes that intersect our cybersecurity priorities, ensuring security is embedded into how work gets done. You will map governance and compliance frameworks and their controls to technical implementation, shifting hardening processes as far left as possible in the lifecycle. You will leverage deep understanding of threats, weaknesses and vulnerabilities around cloud and data to help other areas respond promptly and effectively to contain breaches or address areas of concern. You will also contribute to continuous improvement by analysing incidents, refining standards and influencing architectural decisions that balance risk, performance and usability.

How will you use your expertise to raise the bar?

Essential Skills/Experience

• Minimum 10 years of experience
• Bachelor's Degree
• Must have broad enterprise IT experience with significant cloud and data exposure.
• Must have in-depth understanding of security and networking protocols, cryptography, and modern authentication and authorization protocols.
• Must have experience designing, deploying, and operating secure networks, systems, application and security architectures at scale.
• Must have experience configuring and managing cloud security services in an AWS, Azure and GCP at organisation at scale.
• Must have experience researching, designing, and implementing security policies, standards, and procedures, including those in cybersecurity frameworks such as MITRE ATT&CK, NIST CSF, NIST SP.800- 53, and NIST SP.800-61, as well as implementing cloud security reference architectures.
• Should have experience working in a software development and systems administration organisation, implementing DevSecOps and process automation.
• Should have the ability to conduct post-mortem on security incidents and take post-mortem data to drive uplift in policies, procedures, standards.
• Familiarity with CSPM, CNAPP, and Cloud EDR platforms
• Expertise with Microsoft Defender, Sentinel and Splunk

Desirable Skills/Experience

• Identify and articulate architectural trade-offs.
• Embed process, governance and security into workflow and technology.
• Design and implement software tools and services using modern programming languages.
• Manage and lead projects delivering prioritised initiatives at challenging deadlines.
• Exert positive influence in a matrixed organisation to drive technology evolution.
• Drive efforts to achieve process and technology improvement at scale.

The annual base pay for this position ranges from 136,044.00 - 204,066.00 USD Annual (80% - 120%). Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualised factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive programme (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles).

Benefits offered included a qualified retirement programme [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an 'at-will position' and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation programme) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

AstraZeneca offers an environment where cybersecurity work has real-world impact on patients' lives, not just systems and data. Here, technology experts collaborate with scientists and business teams to unlock the potential of data, analytics, AI and machine learning, constantly experimenting with new approaches while keeping critical platforms secure. There is strong investment in digital capabilities, room to explore modern tools through initiatives like hackathons, and a culture that values curiosity, coaching and continuous learning so that every day brings opportunities to grow skills and shape both personal development and the future of healthcare technology.

If this role matches your skills and ambitions, apply now and help protect the digital foundations that enable life-changing medicines!

Date Posted 17-Apr-2026 Closing Date 03-May-2026

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and employees. In furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.

XML job scraping automation by YubHub

Key Responsibilities: Conduct red and purple team engagements simulating advanced threat actors across our cloud infrastructure, endpoints, and bare metal deployments. Penetration test specific, high-value deployments. Contribute to AI-assisted security testing tooling and workflows. Work cross-functionally with other security and engineering teams, particularly on AI-specific attack scenarios. Document and present findings to technical and executive audiences, translating attack narratives into actionable risk insights that inform security roadmaps.

Requirements: 5+ years of hands-on experience in red teaming and offensive security operations. Deep expertise in at least two of: macOS security, Linux Security, Cloud security (GCP/AWS/Azure), Kubernetes, CI/CD pipelines. Track record of discovering novel attack vectors and chaining vulnerabilities creatively. Experience conducting adversarial simulations against well-defended environments. Strong engineering skills (Python, Go, or similar). Ability to write clear findings that drive action, helping teams understand risk and prioritize fixes. Collaborative approach, working in close collaboration with the blue team.

Preferred Qualifications: Prior work at organizations with state actor threat models. Interest in AI safety and how security engineering contributes to responsible AI developments. Background testing AI/ML systems or agentic workflows. Familiarity with detection engineering and SIEM/EDR platforms from the defensive side. Experience with data center security or hardware-based attacks.

XML job scraping automation by YubHub

This role is heavily weighted toward detection engineering. You should think in terms of adversary behaviour and telemetry coverage, not just alert triage. You'll own detections end-to-end: from identifying gaps in coverage, through designing and testing detection logic, to tuning and validating in production.

Key Responsibilities:

• Design, build, test, and tune high-fidelity detection rules and analytic queries across endpoint, cloud, network, identity, and DLP telemetry sources

• Develop and maintain detection content using detection-as-code practices including version-controlled logic, automated testing, and CI/CD deployment

• Map detection coverage to MITRE ATT&CK, identify gaps, and prioritise new detection development based on threat intelligence and business risk

• Engineer correlation rules, behavioural analytics, and anomaly-based detections that minimise false positives while surfacing real adversary tradecraft

• Own the detection lifecycle from initial development through production tuning, performance monitoring, and retirement

• Build and operate pipelines to ingest, normalise, enrich, and manage security telemetry at scale across diverse data sources, using Terraform and infrastructure-as-code practices to deploy and maintain logging and detection infrastructure

• Design and maintain log collection, parsing, and enrichment configurations that ensure the right telemetry is available at the right fidelity for detection and investigation

• Evaluate and onboard new telemetry sources as Saronic's infrastructure and threat landscape evolve

• Monitor pipeline health, data quality, and ingestion reliability to ensure detections operate on complete and accurate data

• Develop and manage automated response playbooks in SOAR platforms to accelerate containment and reduce analyst toil

• Build automation that enriches alerts with contextual data, reducing investigation time and improving analyst decision-making

• Support incident response efforts and translate lessons learned into improved detections and playbooks

• Partner with SOC analysts, Cloud Security, Product Security, and IT teams to close visibility and detection gaps across environments

• Collaborate with threat intelligence to ensure detection engineering is informed by current adversary TTPs relevant to defence, maritime, and autonomous systems

Required Qualifications:

• 3+ years of hands-on experience in detection engineering, security operations, security automation, or a closely related security engineering role

• Demonstrated experience designing, testing, and tuning detection rules and analytic queries across production security telemetry (endpoint, cloud, network, identity, or DLP)

• Hands-on experience with SIEM platforms and proficiency with query languages such as SPL, KQL, or equivalent

• Experience building and operating security data pipelines, including log ingestion, normalisation, enrichment, and data quality management

• Understanding of data engineering concepts including ETL pipelines, data modelling, schema design, and indexing as applied to security telemetry

• Hands-on coding experience in Python, PowerShell, Go, or Rust for security automation, detection tooling, or pipeline development, and familiarity with Terraform for managing detection and logging infrastructure as code

• Understanding of MITRE ATT&CK framework and its application to detection coverage and gap analysis

• Ability to obtain and maintain a security clearance

Preferred Qualifications:

• Experience in defence, aerospace, robotics, autonomy, or other high-assurance environments

• Experience with EDR platforms including custom detection rule creation and telemetry analysis

• Experience with cloud-native detection in AWS and Microsoft 365/Azure

• Experience using Terraform to deploy and manage security monitoring infrastructure, log pipeline components, or cloud-native security service configurations

• Hands-on experience with incident response, threat hunting, or adversary emulation

• Exposure to embedded Linux, operational technology, or ICS telemetry and detection

• Familiarity with NIST SP 800-171, NIST SP 800-53, or CMMC and their logging and monitoring requirements

• Relevant certifications such as GCIH, GCIA, GCDA, GSOM, OSDA, or OSCP

Additional Information:

• Benefits: Medical Insurance, Dental and Vision Insurance, Time Off, Parental Leave, Competitive Salary, Retirement Plan, Stock Options, Life and Disability Insurance, Pet Insurance

• This role requires access to export-controlled information or items that require 'U.S. Person' status.

XML job scraping automation by YubHub

What we're all about

At Quantexa, we're a team of innovators and problem solvers who are passionate about creating real change for our clients and their industries. We're driven by a desire to do things better than the last time, and we're always looking for talented individuals to join our team.

The opportunity

We're seeking a highly skilled Cyber Security Engineer to join our Security Operations team. As a Cyber Security Engineer, you will play a key part in protecting Quantexa's systems and data from cyber threats. You will be responsible for the day-to-day operation, optimisation, and monitoring of core security platforms, with a particular focus on Zscaler, Cloud monitoring through Wiz, and Endpoint Detection and Response through CrowdStrike.

Responsibilities

Wiz (Cloud Security Posture Management)

• Monitor and triage Wiz findings daily, validating alerts and determining operational impact.
• Perform tuning and threat hunting within Wiz and other tooling.
• Identify misconfigurations, excessive permissions, and exposed assets, escalating where required.
• Track remediation progress with engineering owners and ensure closure of high-priority issues.

Zscaler (Web Security Tunnel 2.0)

• Review and triage Zscaler alerts and policy violations, following documented response procedures.
• Investigate suspicious traffic, access attempts, and user activity to determine legitimacy and risk.
• Support enforcement actions by validating policy alignment and working with IT and Cloud teams to remediate issues.
• Monitor coverage and configuration across users and locations, identifying gaps or misconfigurations.
• Support policy tuning by analysing false positives and recommending rule or policy adjustments.
• Contribute to playbook development, operational maturity, and ongoing service readiness.

CrowdStrike (Endpoint Detection and Response)

• Review and triage endpoint detections, applying documented response steps.
• Execute containment actions, including network isolation and sensor troubleshooting.
• Validate full sensor coverage across the estate and address gaps in coordination with IT.
• Support tuning activities by analysing false positives and proposing rule refinements.
• Contribute to playbook improvements and operational readiness tasks.

Security Operations

• Conduct initial investigation of security incidents, collect evidence, and escalate based on severity with a keen eye on the quality of the output.
• Perform daily review of alerts across our SIEM, Wiz, CrowdStrike, and other platforms.
• Validate vulnerabilities and configuration weaknesses raised by scanning tools.
• Ability to interpret and operationalise threat intelligence, understand how it informs detection, prioritisation, and response activities, and clearly communicate technical threat intelligence to non-technical stakeholders.
• Support cloud security controls, identity hygiene checks, and network policy reviews.
• Contribute to the ongoing maturity and documentation of operational processes.

Collaboration and Ways of Working

• Act as a trusted operational partner to the Cyber Security Manager and the wider Information Security team, providing proactive support and consistent engagement.
• Partner closely with DevOps, IT, and Engineering teams to drive timely and effective remediation actions.
• Deliver clear and concise updates on incidents and operational activities proactively, without the need for prompting.
• Actively participate in team stand ups, contributing constructively to continuous improvement and operational maturity.
• Support senior engineers with platform enhancements, integrations, and controlled change activities.

What you'll bring

• Demonstrated hands-on experience with security operations, incident triage, or vulnerability management.
• Familiarity with EDR platforms (ideally CrowdStrike) and security telemetry analysis.
• Knowledge of cloud environments, particularly Azure including Entra and Conditional Access, and a good understanding of cloud security concepts.
• Ability to understand alert context, assess impact, and follow structured response processes.
• Strong attention to detail, disciplined documentation, and good communication skills.

Benefits

• Competitive salary
• Company bonus
• Hybrid workplace & free access to global WeWork locations & events
• Pension Scheme with a company contribution of 6% (if you contribute 4% or more)
• 25 days annual leave
• Flexible working hours
• Professional development opportunities
• Access to a range of employee benefits, including health insurance, gym membership, and more

XML job scraping automation by YubHub

Anthropic's mission is to create reliable, interpretable, and steerable AI systems. We want AI to be safe and beneficial for our users and for society as a whole. Our team is a quickly growing group of committed researchers, engineers, policy experts, and business leaders working together to build beneficial AI systems.

About the Team

The Security Engineering team's mission is to safeguard our AI systems and maintain the trust of our users and society at large. Whether we're developing critical security infrastructure, building secure development practices, or partnering with our research and product teams, we are committed to operating as a world-class security organisation and keeping the safety and trust of our users at the forefront of everything we do.

What You'll Do:

• Conduct red and purple team engagements simulating advanced threat actors across our cloud infrastructure, endpoints and bare metal deployments.
• Penetration test specific, high value deployments.
• Contribute to AI-assisted security testing tooling and workflows.
• Work cross functionally with other security and engineering teams, particularly on AI-specific attack scenarios.
• Document and present findings to technical and executive audiences, translating attack narratives into actionable risk insights that inform security roadmaps.

Who You Are:

• 5+ years of hands-on experience in red teaming and offensive security operations.
• Deep expertise in at least two of: macOS security, Linux Security, Cloud security (GCP/AWS/Azure), Kubernetes, CI/CD pipelines.
• Track record of discovering novel attack vectors and chaining vulnerabilities creatively.
• Experience conducting adversarial simulations against well-defended environments.
• Strong engineering skills (Python, Go, or similar).
• Ability to write clear findings that drive action, helping teams understand risk and prioritise fixes.
• Collaborative approach, working in close collaboration with the blue team.

Strong candidates may also have experience with:

• Prior work at organisations with state actor threat models.
• Interest in AI safety and how security engineering contributes to responsible AI developments.
• Background testing AI/ML systems or agentic workflows.
• Familiarity with detection engineering and SIEM/EDR platforms from the defensive side.
• Experience with data centre security or hardware-based attacks.

Logistics

• Education requirements: We require at least a Bachelor's degree in a related field or equivalent experience.
• Location-based hybrid policy: Currently, we expect all staff to be in one of our offices at least 25% of the time. However, some roles may require more time in our offices.
• Visa sponsorship: We do sponsor visas! However, we aren't able to successfully sponsor visas for every role and every candidate. But if we make you an offer, we will make every reasonable effort to get you a visa, and we retain an immigration lawyer to help with this.

We encourage you to apply even if you do not believe you meet every single qualification. Not all strong candidates will meet every single qualification as listed. Research shows that people who identify as being from underrepresented groups are more prone to experiencing imposter syndrome and doubting the strength of their candidacy, so we urge you not to exclude yourself prematurely and to submit an application if you're interested in this work.

Your safety matters to us. To protect yourself from potential scams, remember that Anthropic recruiters only contact you from @anthropic.com email addresses. In some cases, we may partner with vetted recruiting agencies who will identify themselves as working on behalf of Anthropic. Be cautious of emails from other domains. Legitimate Anthropic recruiters will never ask for money, fees, or banking information before your first day. If you're ever unsure about a communication, don't click any links—visit anthropic.com/careers directly for confirmed position openings.

How we're different

We believe that the highest-impact AI research will be big science. At Anthropic we work as a single cohesive team on just a few large-scale research efforts. And we value impact — advancing our long-term goals of steerable, trustworthy AI — rather than work on smaller and more specific puzzles. We view AI research as an empirical science, which has as much in common with physics and biology as with traditional efforts in computer science. We're an extremely collaborative group, and we host frequent research discussions to ensure that we are pursuing the highest-impact work at any given time. As such, we greatly value communication skills.

The easiest way to understand our research directions is to read our recent research. This research continues many of the directions our team worked on prior to Anthropic, including: GPT-3, Circuit-Based Interpretability, Multimodal Neurons, Scaling Laws, AI & Compute, Concrete Problems in AI Safety, and Learning from Human Preferences.

Come work with us!

Anthropic is a public benefit corporation headquartered in San Francisco. We offer competitive compensation and benefits, optional relocation assistance, and a comprehensive benefits package that includes medical, dental, and vision insurance, 401(k) matching, and paid time off.

XML job scraping automation by YubHub