AstraZeneca

Senior Security Platform Engineer

AstraZeneca  •  Guadalajara, MX (Remote)  •  13 hours ago

Job Description

Introduction to Role

Are you ready to engineer and run security platforms at global scale — platforms that keep critical science safe and moving? Join a high-impact team protecting the infrastructure that enables researchers, engineers, and clinicians to deliver life-changing medicines.

This is a hands-on, high-autonomy role centred on Microsoft Sentinel and Microsoft Defender, operating across hybrid and cloud-native environments. You'll own the health, performance, and evolution of our SIEM and EDR platforms — tuning configurations, validating telemetry, elevating alert quality, and resolving operational issues so that signals are trustworthy and action is fast. You'll also support NAS Protect and related protection capabilities across endpoint, network, identity, storage, and cloud.

We're looking for someone who brings critical thinking, automation instincts, and a genuine AI-first mindset — someone who sees repetitive toil and immediately thinks "how do I make a machine do this better than I can?" If you've lived through a SIEM migration (particularly Splunk to Sentinel), you already know the kind of complexity and reward this role delivers.

This role is based in Guadalajara, Mexico with a hybrid model requiring a minimum of three days on-site per week.

Accountabilities

  • Security tooling operations: Independently run enterprise security tools including SIEM (Microsoft Sentinel), EDR (Microsoft Defender), NAS Protect, and related platforms to keep them stable, secure, and operationally effective.

  • Platform administration and support: Maintain platform health through configuration, agent and connector support, telemetry onboarding, troubleshooting, tuning, upgrades, and performance optimization.

  • Platform migration and modernization: Support or lead the transition, integration, and optimization of security platforms across vendor ecosystems — including SIEM migrations, EDR transformations, and telemetry pipeline modernization — ensuring continuity of detection and protection capabilities throughout.

  • Monitoring and analytics enablement: Enable high-quality monitoring and analytics with effective data ingestion, parsing, normalization, alerting logic, dashboards, telemetry validation, and detection-enabling content. Apply AI-assisted triage, enrichment, and automation where appropriate to improve speed and reliability.

  • Protection tooling support: Optimize protection coverage and policy effectiveness for EDR, NAS Protect, and other technologies; ensure agent health, event quality, and integration with broader security and IT services.

  • Continuous improvement and automation: Lead or contribute to improvements in tool configuration, service quality, procedures, automation, documentation, standards, and support models — actively leveraging AI and machine learning to reduce toil, increase resilience, and accelerate outcomes.

  • Service management processes: Operate and improve incident, problem, change, and release processes for security tooling to meet service expectations and business needs.

  • Governance and compliance: Operate tools in line with policy, access control, retention, and security data handling requirements, ensuring audit readiness in a regulated enterprise environment.

  • Risk and issue management: Identify and escalate operational risks, control gaps, integration weaknesses, and performance concerns; contribute to assessment, remediation, and prioritization.

  • Project and initiative delivery: Contribute to and, when assigned, lead small-to-medium tooling initiatives such as onboarding, upgrades, migrations, telemetry expansion, integration enhancements, and modernization.

  • Stakeholder collaboration: Partner with SOC, Incident Response, Threat Intelligence, Infrastructure, Cloud, Network, Identity, Storage, and GRC teams, plus vendors, to shape practical solutions that meet operational and business needs.

  • Technical guidance and mentoring: Advise stakeholders on capabilities and constraints; mentor colleagues on platforms, processes, and controls.

Essential Skills/Experience

  • Experience: Typically 5+ years in cyber security technologies and processes, with strong hands-on experience in security tooling engineering, administration, or operations in large enterprise environments.

  • Microsoft Security platform expertise: Hands-on experience engineering, administering, or operating Microsoft Sentinel (or equivalent enterprise SIEM) and Microsoft Defender (or equivalent enterprise EDR). Experience with KQL, analytic rules, workbooks, data connectors, and Defender policy management is expected.

  • Tooling breadth: Practical experience operating and supporting additional security platforms, which may include NAS Protect, security analytics platforms, endpoint security tooling, storage protection tools, logging pipelines, cloud security tools, identity-related security tooling, network security technologies, or related cyber security platforms.

  • Operational capability: Experience in platform configuration, troubleshooting, telemetry onboarding, connector or agent management, policy tuning, integration support, upgrade coordination, and performance optimization.

  • Automation and scripting: Experience using scripting or automation (PowerShell, Python, KQL, Logic Apps, or similar) to improve operational efficiency, service quality, and platform supportability.

  • AI and automation mindset: Demonstrated interest or experience in applying AI, copilots, or machine learning to security operations — whether that's automated triage, playbook generation, enrichment workflows, detection tuning, or operational efficiency. You don't need to be a data scientist; you need to be someone who actively looks for ways to automate toil and isn't waiting for permission to experiment.

  • Cyber security analysis: Practical understanding of security risk identification, telemetry analysis, log review, operational issue investigation, and platform-related response support.

  • Governance and compliance awareness: Experience supporting tools in regulated and compliance-aware environments, including security data governance, access controls, retention, auditability, policies, standards, and procedures.

  • Cross-functional collaboration: Demonstrated ability to work effectively with technical teams, business stakeholders, suppliers, and service partners across a complex and matrixed environment.

  • Execution and prioritization: Proven ability to manage competing priorities, define realistic plans, solve problems effectively, and deliver secure, stable, and supportable outcomes.

  • Communication and influence: Strong communication, active listening, and collaboration skills, with the ability to influence peers and stakeholders to achieve common goals.

  • Adaptability: Ability to learn new tools quickly, adapt to evolving hybrid, cloud-native, and vendor-based security ecosystems, and flex across products as the tooling landscape evolves. Comfort working across multiple vendor platforms without rigid allegiance to any single stack.

  • Education: Bachelor's degree in information security, computer science, engineering, or a related field, or equivalent practical experience.

Desirable Skills/Experience

  • SIEM migration experience — particularly Splunk to Microsoft Sentinel — or equivalent large-scale platform transformation, telemetry modernization, or EDR migration experience.

  • Experience working in a global, regulated organization with geographically dispersed and multicultural teams.

  • Knowledge of recognized security and compliance frameworks such as NIST CSF, ISO 27001, CIS Controls, and regulated control environments such as SOX, GxP, or equivalent.

  • Experience supporting vendor-managed tooling, managed detection services, audit activities, control reviews, service reviews, or compliance assessments.

  • Experience contributing to cost-effective, sustainable, and supportable technology operations, including awareness of license usage, support overhead, operational efficiency, and service value.

  • Relevant security certifications applicable to the tooling or platform domain (e.g., SC-200, SC-100, AZ-500, or equivalent).

  • Hands-on experience applying AI and machine learning concepts in cyber security operational use cases (e.g., Microsoft Security Copilot, custom automation with LLMs, ML-based anomaly detection).

Why AstraZeneca

Here, innovation meets large-scale impact. You'll join a diverse group of inclusive self-starters who build from scratch as a collective — sharing ideas, challenging assumptions, and taking accountability to make them real. We connect across the business and with external partners, applying advanced techniques and modern tooling to protect the data and platforms that speed therapies to patients.

You'll work in a team that's actively transforming its tooling landscape — migrating platforms, embedding AI into daily operations, and challenging the status quo of how security engineering gets done. You'll work alongside deep specialists, leverage cutting-edge approaches in automation and machine learning, and grow fast through complex, varied work — ambitious in our goals and kind in how we get there.

Ready to own the platforms that protect the science? Apply now — and bring your curiosity, your automation instincts, and your best migration war stories.

Date Posted

26-may-2026

Closing Date

14-jun-2026

AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

About AstraZeneca

We're transforming the future of healthcare by unlocking the power of what science can do for people, society and the planet. For more information, visit www.astrazeneca.com.

Industry: Chemicals & Materials
Company Size: 10,000+ employees
Headquarters: Cambridge, GB