Lead Consultant - Cybersecurity Remediation Engineer
Career Level - E
Introduction to role
We are looking for a detail-oriented and analytical Risk Remediation Engineer to join our growing team. This individual will play a critical role in analyzing the findings from penetration tests and other security assessments, conducting thorough root cause analysis, and driving the remediation process. You will work closely with subject matter experts (SMEs) across various technology teams to identify effective remediation steps and implement them to address technical risks. Additionally, you'll contribute to the continuous improvement of our risk management program by tracking metrics, KPIs, and reporting on remediation progress.
Accountabilities
- Findings Analysis & Root Cause Analysis: Review findings from penetration tests (pen tests), dissect vulnerabilities, and conduct root cause analysis to understand the underlying issues. Identify the most effective remediation steps for each vulnerability.
- Collaboration with SMEs: Work alongside SMEs from various IT teams (e.g., network, development, infrastructure, applications, cloud, SaaS, security) to develop and implement effective remediation solutions that address identified risks.
- Remediation Solutioning & Deployment: Architect, design, and deploy risk remediation solutions based on analysis, ensuring they align with organizational security requirements and best practices.
- Risk Mitigation & Tradeoff Analysis: Assess and evaluate alternative solution approaches, considering potential tradeoffs related to risk, cost, implementation time, and business impact.
- Continuous Program Improvement: Support the evolution of the risk remediation program by tracking key metrics and KPIs. Document and report on the progress of remediation efforts, ensuring the program is continuously improving.
- Compliance & Reporting: Ensure remediation activities align with industry standards, regulations, and best practices (e.g., NIST, ISO). Produce detailed reports for stakeholders on remediation progress and outcomes.
- Stakeholder Communication: Effectively communicate risk findings, remediation strategies, and status updates to both technical and non-technical stakeholders across the organization.
Essential Skills/Experience
- Technical depth to understand findings, identify root causes, and architect and design remediations.
- Proven experience in risk analysis, vulnerability management, and/or IT security.
- Strong experience in analyzing penetration test results and identifying the root cause of vulnerabilities.
- Familiarity with common penetration testing tools and techniques.
- Ability to work cross-functionally with IT teams to design and implement remediation solutions.
- Strong problem-solving skills with the ability to develop actionable and effective remediation strategies.
- Experience in risk assessment, mitigation, and management, with an understanding of risk management frameworks and best practices.
- Proficient in documenting metrics, KPIs, and remediation progress for continuous program improvement.
- Knowledge of security standards and frameworks (e.g., NIST, ISO, SOC 2).
- Strong communication skills, both written and verbal, with the ability to clearly explain technical issues to non-technical stakeholders.
Desirable Skills/Experience
- Experience with attack chains and the ability to analyze and quantify risk based on other security controls.
- Experience with security tools and technologies.
- Familiarity with cloud environments and security practices (AWS, Azure, GCP).
- Experience in automation and scripting.
- Expertise in data analytics or reporting tools (e.g., Power BI, Tableau, Excel).
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
Join a team with the backing and investment to win! You'll be working with cutting-edge technology. This marriage between our purposeful work and the use of high-tech platforms is what sets us apart. Lead the way in digital healthcare. From exploring data and AI to working in the cloud on new technologies. Join a team at the forefront. Help shape and define the technologies of the future, with the backing you need from across the business.
Ready to make an impact? Apply now!
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.