AstraZeneca

Director, Cyber Security Incident Response Team (CSIRT)

AstraZeneca  •  $169k - $254k/yr  •  Gaithersburg, MD (Hybrid)  •  1 day ago

Job Description

Leverage technology to impact patients and ultimately save lives

Do you have expertise in, and passion for, information technology? Would you like to apply your expertise to impact the IT strategy in a company that follows the science and turns ideas into life changing medicines? If so, AstraZeneca might be the one for you!

ABOUT ASTRAZENECA

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialization of prescription medicines for some of the world’s most serious diseases. But we’re more than one of the world’s leading pharmaceutical companies. At AstraZeneca we’re dedicated to being a Great Place to Work.

ABOUT ROLE

The Director, CSIRT is a senior individual contributor leader in the Global Cybersecurity Operations Center (GSOC), based in Gaithersburg, Maryland, reporting to the Head of GSOC. You will command enterprise response to material cyber incidents across cloud, on-premises, and OT/ICS environments, own incident governance and readiness, and drive executive reporting, lessons learned, and control hardening in partnership with Detection Engineering, CTI, Vulnerability Management, Offensive Security, IT, Legal, Risk and Compliance, and Physical Security.

What You’ll Do:

  • Incident Command: Lead execution of the Incident Response (IR) plan to rapidly scope, contain, eradicate, and investigate incidents across hybrid and OT environments.

  • Incident Governance: Define and maintain incident categories, severity, decision authorities, activation criteria, and crisis management handoffs.

  • Forensics evidence handling: Coordinate preservation, collection, and analysis with chain-of-custody rigor; in collaboration with Legal, manage asset litigation hold and retention as well as facilitation of artifact sharing for malware analysis and CTI.

  • Exercises and readiness: Run regular tabletop and purple-team exercises; ensure 24x7 coverage, seamless follow-the-sun handoffs with Regional SOCs, and retainer surge playbooks.

  • Automation and AI: Operationalize agentic SIEM features, XDR and SOAR playbooks, LLM-assisted runbooks, and automated triage packages to reduce MTTD/MTTC/MTTR.

  • Metrics and reporting: Own IR targets/KRIs (e.g., MTTD, MTTC, MTTR, dwell time, business impact) and deliver executive-ready briefings, dashboards, and quarterly lessons learned.

  • Stakeholder coordination: Orchestrate IR with IT, Legal, Privacy, Risk, Comms, Physical Security, and Insurance for notification obligations, privilege, and crisis communications.

  • Controls Hardening: Drive post-incident detection and control improvements with Detection Engineering, Identity, Cloud, Endpoint, and OT teams.

  • Assurance integration: Partner with Vulnerability Management and Offensive Security to prioritize testing and remediation informed by incident findings and CTI.

People Leadership:

  • Strategy and planning: Develop and maintain CSIRT area plans aligned to GSOC strategy; set direction and goals with autonomy.

  • Performance and tiers: Define and review reporting and team targets; align objectives to incident outcomes and customer experience.

  • Coverage and on-call: Maintain 24x7 on-call rotations, surge models, and cross-regional handoff standards.

  • Talent and capability: Lead inclusive recruitment; build career paths and targeted upskilling in DFIR, cloud identity, OT/ICS, and automation/SOAR through regional/external partnerships. Provide mentorship to junior CSIRT resources.

Knowledge, Experience, and Understanding of:

  • Incident command & IR lifecycle: Proven command across cyber incident lifecycles, plans and playbooks. Deep understanding of the incident lifecycle, from preparation to scoping, containment, eradication and remediation at enterprise scale

  • DFIR evidence handling: Experienced in managing the collection, preservation and analysis of digital evidence and chain of custody; timeline reconstruction; attacker attribution; concise executive reporting.

  • Attacker tradecraft (MITRE ATT&CK): Deep knowledge of the attack lifecycle (i.e. MITRE ATT&CK), timeline construction and familiarity with attribution and common threat actor TTPs

  • Automation & AI: Experience with operationalization of modern security tools (SIEM, SOAR, XDR) including integration of artificial intelligence, large language models and agentic features to enable triage, analysis and eradication at scale

  • Cloud, identity, and endpoint visibility: Proficiency with logging prioritization and telemetry from industry standard cloud platforms, identity providers, operating systems and security tools.

  • Manufacturing Operational Technology/Industrial Control Systems: Coordinating IR in industrial/OT environments with safety and production continuity considerations.

  • Legal/regulatory & crisis communications: Comfortable building partnerships outside of cyber operations with legal, risk & compliance, physical security and other business collaborators relevant to incident response

  • Retainer and vendor readiness: Maintaining IR retainer partner readiness; knowing when to escalate and how to integrate external specialists during major incidents.

Minimum Skills & Experience Required

  • Education: Bachelor’s degree in information security, computer science, or related field (or equivalent experience).

  • Enterprise-scale SOC/IR leadership: Over five (5) years managing Cyber Security Operations Centre Incident Response in enterprise-sized organizations, commanding events across hybrid cloud, on-prem, and OT.

  • Global coordination with Regional SOCs: Experience integrating and working alongside global, 24x7, distributed teams to complete incident response and cyber operations missions

  • Communication and facilitation: Well-developed skills to explain complex technical issues in clear business terms; produce concise written material (executive updates, IR reports); and lead briefings.

  • Analytical decision-making: Ability to analyze complex situations, assess risk, and balance strategic and tactical security requirements with business pragmatism, risk appetite, and innovation.

  • Customer orientation and cross-cultural working: Demonstrated ability to collaborate across regions and functions (IT, Legal, GRC, Physical Security) with a strong service outlook.

Preferred Skills & Experience:

  • Certifications: Security certifications preferred (e.g., CISSP, CISM, GIAC such as GCIH/GCFA/GREM; CCSP; ITIL).

When we put unexpected teams in the same room, we unleash bold thinking with the power to encourage life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

The annual base pay for this position ranges from $169,320.00 - $253,980.00 USD Annual. Hourly and salaried non-exempt employees will also be paid overtime pay when working qualifying overtime hours. Base pay offered may vary depending on multiple individualized factors, including market location, job-related knowledge, skills, and experience. In addition, our positions offer a short-term incentive bonus opportunity; eligibility to participate in our equity-based long-term incentive program (salaried roles), to receive a retirement contribution (hourly roles), and commission payment eligibility (sales roles). Benefits offered included a qualified retirement program [401(k) plan]; paid vacation and holidays; paid leaves; and, health benefits including medical, prescription drug, dental, and vision coverage in accordance with the terms and conditions of the applicable plans. Additional details of participation in these benefit plans will be provided if an employee receives an offer of employment. If hired, employee will be in an “at-will position” and the Company reserves the right to modify base pay (as well as any other discretionary payment or compensation program) at any time, including for reasons related to individual performance, Company or individual department/team performance, and market factors.

Are you ready to bring new insights and fresh thinking to the table? Fantastic! We have one seat available, and we hope it’s yours. Apply today.

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We follow all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

WHY JOIN US?

We’re a network of high-reaching self-starters who contribute to something far bigger. We enable AstraZeneca to perform at its peak by delivering premier technology and data solutions.

We’re not afraid to take ownership and run with it. Empowered with unrivalled freedom. Put simply, it’s because we make a significant impact. Everything we do matters.

Date Posted

28-May-2026

Closing Date

16-Jun-2026

Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and employees. In furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.

About AstraZeneca

We're transforming the future of healthcare by unlocking the power of what science can do for people, society and the planet. For more information, visit www.astrazeneca.com.

Industry
Chemicals & Materials
Company Size
10,000+ employees
Headquarters
Cambridge, GB