Mid-Level Threat Detection Engineer

Mid-Level Threat Detection Engineer

Macclesfield

AstraZeneca is a global, innovation-driven pharmaceutical business that focuses on the discovery, development, and commercialization of prescription medicines for some of the world’s most serious disease. 

But we’re more than one of the world’s leading pharmaceutical companies. 

At AstraZeneca, we 're dedicated to being a Great Place to Work. Where you are empowered to push the boundaries of science and unleash your ambitious spirit. There’s no better place to make a difference to securing medicine, patients, and society. An inclusive culture that champions diversity and collaboration, AstraZeneca is always committed to lifelong learning, growth, and development. 

The Enterprise Technology Services Team

The Enterprise Technology Services (ETS) team is accountable for all Security, IT Operations, Infrastructure, and End User Services and Technologies. This group will ensure that our IT Services are seamless and secure, and that technology is delivered in an efficient, effective, and agile way, with a strong focus on experience. It’s a dynamic and challenging environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever. This is your chance to be part of a team that has the backing to innovate, disrupt an industry and change lives.  

Introduction To Role

Cybersecurity Defence Operations (CSDO), which sits within ETS, is fundamental to enterprise information security and responsible for detecting, analysing, and responding to real or potential security incidents. The Insider Threat Management (ITM) Analyst specializes in the collection and analysis of incidents to proactively identify and mitigate potential data breaches at AstraZeneca. The ITM function empowers operational decision-makers to a) respond more effectively to data incidents through informed decision-making and b) implement measures to mitigate or close gaps in defence, thereby preventing data breaches from occurring in the first place. 

Accountabilities

Design and implement threat detection mechanisms across cloud, on-premises, and third-party collaboration platforms to identify suspicious activities and potential threats. 

Develop, test, and deploy high fidelity signature and anomaly-based detections. 

Partner with engineering teams to build and maintain pipelines for collecting and processing relevant security telemetry. 

Research emerging threat vectors and align detection and response capabilities with the evolving threat landscape. 

Continuously refine detection rules and address systemic issues by collaborating with engineering teams. 

Automate detection and response workflows, including playbooks and processes. 

Facilitate log data onboarding into the SIEM. 

Correlate and analyze data from diverse sources to uncover threats. 

Enhance detection workflows with automation and enriched alerts. 

Leverage expertise across multiple security domains, with a focus on two or more areas such as detection engineering, digital forensics, incident response, threat hunting, threat intelligence, or malware analysis. 

Prepare reports and metrics related to threat detection efficacy and coverage. 

Essential Skills & Experience

• Significant experience in Security Incident Response and Detection Engineering.  

• Degree in Computer Science, Information Security, Cybersecurity, (or equivalent experience

• Eager to learn new technologies and methodologies to counter evolving threats. 

• Strong English communication and interpersonal skills to collaborate with cross-functional teams and explain technical concepts to non-technical audiences/key partners.

• Experience creating detection rules using SPL, KQL, or Tanium signals, including tuning and correlation. 

• Strong knowledge of MITRE ATT&CK and adversary tactics, techniques, and procedures. 

• Hands-on experience with EDR tools such as Microsoft Defender for Endpoint, Tanium, and Trend Micro. 

• Ability to assess diverse data sources to develop relevant and impactful detections. 

• Strong understanding of false positive vs. true positive alerts. 

• In-depth knowledge of antimalware, EDR, firewalls, proxies, IDS/IPS, Windows/Linux OS, Active Directory, and cloud environments. 

Desirable Skills & Experience

• Experience with SIEM and SOAR platforms (e.g., Splunk). 

• Proficiency in programming and scripting languages, including expertise in using Regular Expressions (REGEX). 

• Previous experience collaborating with the Cyber Threat Intelligence (CTI) team to develop intelligence-driven threat detections.  

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.

At AstraZeneca when we see an opportunity for change, we seize it and make it happen, because any opportunity no matter how small, can be the start of something big. Protecting the people, processes, and technologies required to develop and deliver life-changing medicines is about being entrepreneurial - finding those moments and recognizing their potential. Join us on our journey of building a new kind of organization to reset expectations of what cybersecurity can look like. This means we’re opening new ways to work, pioneering cutting edge methods, and bringing unexpected teams together. 

Ready to make an impact?

Apply now!

Date Posted

07-Feb-2025

Closing Date

21-Feb-2025

Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.