Senior Engineer – Cyber SOC Operations

Are you ready to turn signal into certainty and protect the science that changes patients’ lives? As a Senior Engineer in our Cybersecurity Operations Center, you will be on the first line of defense. You will secure platforms that support the discovery, development, and delivery of medicines. Every alert you investigate, every incident you clarify, and every issue you guide helps safeguard the data and systems our people rely on every day.

You will move quickly in a modern, global security operations environment, using Splunk and established runbooks to make fast, high-quality decisions. Can you separate noise from real risk and drive clear action that prevents disruption? Your expertise will help the wider organization move authoritatively, knowing critical work is protected and progress stays on track.

• Threat Monitoring: Maintain vigilant oversight of Splunk dashboards, spotting anomalies early to reduce time-to-detect and prevent issue.
• Quickly evaluate deceptive emails, harmful software, repeated unauthorized access attempts, and suspicious login alerts. Identify true positives and false positives to focus effort optimally.
• Evidence Collection: Capture and preserve IPs, hashes, URLs and usernames to build a clear investigative picture and enableflawlesss handoffs.
• Investigation and Documentation: Conduct L1 investigations following runbooks and playbooks, collecting notes, timelines and decisions that withstand scrutiny.
• Critical issue and Collaboration: Raise incidents to L2/L3 with detailed context and recommended next steps, enabling faster containment and recovery.
• Workflow and Tooling: Handle incidents through ticketing systems (ServiceNow, JIRA) to maintain visibility, accountability and efficiency.
• Shift Operations and Handover: Keep shift documents up to date to ensure continuity, clear priorities and zero information loss between teams.
• Process Perfection: Implement to SOPs and issue matrices while finding opportunities to simplify, automate and sharpen detection and response over time.

• Supervise Splunk Dashboard
• Identify and triage security alerts (phishing, malware, brute force, suspicious logins)
• Distinguish true positives vs false positives
• Follow detailed procedures and operational guides for alert investigation
• Perform initial investigation (L1) on alerts
• Collect basic evidence: IPs, hashes, URLs, usernames
• Raise incidents to L2/L3 analysts with clear documentation
• Track incidents using service desk tools like ServiceNow and JIRA
• Maintain incident notes and timelines
• Update shift handover documents
• Follow SOPs and issue matrices

• Experience in a 24/7 SOC with rotating shifts and handovers across regions
• Familiarity with EDR tools and SOAR automation; ability to chip in to playbook improvements
• Solid understanding of cloud logging and security telemetry (e.g., Azure, AWS, O365)
• Understanding of MITRE ATT&CK, phishing analysis techniques and basic malware triage
• Scripting or query skills for investigation efficiency (e.g., Python, KQL, SPL)
• Industry certifications that demonstrate SOC and incident response capability (e.g., Security+, CySA+, GCIA, GCIH)
• Strong written and verbal communication to document investigations and guide collaborators under time pressure

When we put unexpected teams in the same room, we unleash bold thinking with the power to

inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge

perceptions. That's why we work, on average, a minimum of three days per week from the office. But that

doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual

flexibility. Join us in our unique and ambitious world.

Join a global technology community that protects the work that matters most—advancing science into treatments for patients. Here, you’ll collaborate across disciplines and borders, sitting shoulder-to-shoulder with engineers, analysts and scientists to solve problems that have real-world impact. We’re investing in a bold, data-led future and encourage experimentation, from hands-on hackathons to piloting new detection techniques. You’ll find the scale to drive meaningful change and the support to keep learning; we value kindness alongside ambition and bring diverse voices together to move faster and think bigger.

If you’re ready to sharpen detection, accelerate response and protect a mission that saves lives, step into this role and help shape our security impact today.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.