Cyber Security Vulnerability Specialist

Cyber Security Vulnerability Specialist

📍 Location: Guadalajara

📌Strong English communication skills required.

📌 Must Submit Resume in English

📌 Positions are open to Mexican Citizens and official residents of Mexico.

About the AstraZeneca

AstraZeneca is a global, innovation-driven biopharmaceutical business that focuses on the discovery, development, and commercialization of prescription medicines for some of the world's most serious diseases. But we're more than one of the world's leading pharmaceutical companies. 

At AstraZeneca, we're proud to have a unique workplace culture that inspires innovation and collaboration. Here, employees are empowered to express diverse perspectives - and are made to feel valued, energized and rewarded for their ideas and creativity. 

At AstraZeneca we:

• Believe in lifelong learning.
• Endeavor to be a great place to work.
• Encourage a “speak up” culture.
• Lead the way in sustainable IT & social impact.
• Actively work towards becoming a digital organization.

About the team

The Enterprise Technology Services (ETS) team is accountable for all Infrastructure, Security, IT Operations and all End User Services and technologies. This group will ensure that our IT Services are seamless and secure, and that technology is delivered in an efficient, effective, and agile way, with a strong focus on experience. It’s a dynamic and challenging environment to work in – but that’s why we like it. There are countless opportunities to learn and grow, whether that’s exploring new technologies in hackathons, or transforming the roles and work of colleagues, forever. This is your chance to be part of a team that has the backing to innovate, disrupt an industry and change lives.  

About The role

The cyber security specialist will be part of a team of security specialists and analysts, maintaining corporate wide information Security to ensure that AstraZeneca’s information assets are adequately protected in relation to confidentiality, integrity and availability. The role is accountable for the delivery of services in accordance with Service Level Agreements, business requirements and customer experience expectations and meeting required quality and compliance to standards. The role is also required to work closely with work collaboratively with other IT functions, AZ business areas and suppliers. 

Cyber security specialist role works as an individual contributor, working in a security specialty supporting the wider security function. 

We are looking for Individuals who:

• Understand that security is a journey and not a destination. Cyber Security is not something that can be “fixed”, and we instead need to focus on innovation to maintain sustainable risk position against the evolving threat landscape. 
• Understand that we can’t just buy our way out of a Cyber Security problem. Technology may win the battle, but it won’t win the war. 
• Understand that Cyber Security is not just dealing with individual hackers. We are potentially working against state-sponsored attacks and multi-billion-dollar organized crime syndicates. 
• Understand attackers, their motivations, and their ways of working to be able to get ahead and keep ahead of them. 

The Cyber Security Vulnerability Specialist will be accountable for:

• Execution and maintenance of end-to-end Vulnerability Management processes (i.e., the VM lifecycle) with regards to On-Prem infrastructure security, application security and cloud security, specially in Network devices or Attack Surface Management. 
• Collaborate in the definition of strategies and work towards their implementation increase scanning coverage 
• Monitor and follow up remediation or closure of the vulnerabilities with corresponding teams. 
• Improve the existing vulnerability management lifecycle. Including but not limited to, data ingestion & normalization, compliance metrics and detections on assets. 
• Participate in security assessments to define prioritization and proper monitoring coverage. 
• Develop automation, orchestration, and scripting to reduce manual processes, improving overall efficiency while also enabling new capabilities to meet our rapidly changing needs. 
• Collaborate with other IT teams to resolve aging critical vulnerabilities on assets. 
• Collaborate with leadership teams to develop program metrics and performance through reporting and active engagement with stakeholders for continuous service improvement. 
• Review new vulnerabilities published from multiple sources and collaborate with other IT and security teams to identify those that may pose risk. 
• Able to provide remediation solutions for the vulnerabilities based on the unique vulnerability categorization. Support teams to understand what is required to remediate vulnerabilities. 
• Provide technical expertise in providing compensating controls for exception vulnerabilities.   

Requirements

Essential

• Experience working in Security, in a complex, multinational, corporate environment. 
• Strong collaboration skills 
• Experience correlating data from difference sources (threat intelligence, scanning tools, etc.) to identify vulnerabilities, prioritize remediation and reduce cyber risk. 
• Demonstrated experience implementing and executing Vulnerability Management programs. 
• Experience analyzing vulnerabilities and their prioritization based on risk.  
• Experience working in scanner agent deployment activities and troubleshooting or issues. 
• Technical knowledge to provide guidance related to remediation activities, risks assessments and identify false positives. 
• Demonstrate an understanding of Cyber security & proven experience in Infrastructure Vulnerability Management activities (specially in Network Devices, Cloud & OT devices). 
• Understanding of various security technologies and controls 
• Experience of vulnerability management methodologies and tools 
• A relevant technical degree in computer science, information technology, or a related field. 
• Excellent problem solving and troubleshooting skills, autonomous working, direction and goal setting. 
• Knowledge of vulnerability management – Triage, Prioritize, Remediate, and security threat modelling. 
• Written and verbal communication skills along with the proven ability to present complex, technical information to both technical and non-technical audiences. 
• Be valued and respected for collaboration, integrity and enablement. 
• Ability to prioritize, re-schedule and adapt to changes in a dynamic environment. 
• Excellent business acumen with sensitivity to environment 
• Experience working on vulnerability assessment tools and configuring sites, asset groups, tagging activities. 

Desirable

• Industry relevant Certification (e.g. CISSP, CISM, etc.) 
• Familiar with cyber security solutions like: Qualys, Tanium, Splunk. 
• Threat Intelligence  
• A high level of governance knowledge 
• Scripting  
• OWASP Top 10 Framework 
• Application security 
• API security and Mobile application security 

(Hybrid - Expectation of working in the office 3 days a week)
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working give us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. But that doesn’t mean we’re not flexible. We balance the expectation of being in the office while respecting individual flexibility.

Why AstraZeneca?

At AstraZeneca when we see an opportunity for change, we seize it and make it happen, because any opportunity no matter how small, can be the start of something big. Delivering life-changing medicines is about being entrepreneurial - finding those moments and recognising their potential. Join us on our journey of building a new kind of organisation to reset expectations of what a bio-pharmaceutical company can be. This means we’re opening new ways to work, pioneering cutting edge methods and bringing unexpected teams together.

Interested? Come and join our journey.

So, what’s next!

Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you.

Where can I find out more?

Our Social Media:

Follow AstraZeneca on LinkedIn https://www.linkedin.com/company/1603/

Follow AstraZeneca on Facebook https://www.facebook.com/astrazenecacareers/

Follow AstraZeneca on Instagram https://www.instagram.com/astrazeneca_careers/?hl=en

AstraZeneca is an equal opportunity employer.

AstraZeneca will consider all qualified applicants for employment without discrimination on grounds of disability, sex or sexual orientation, pregnancy or maternity leave status, race or national or ethnic origin, age, religion or belief, gender identity or re-assignment, marital or civil partnership status, protected veteran status (if applicable) or any other characteristic protected by law. AstraZeneca only employs individuals with the right to work in the country/ies where the role is advertised.

Date Posted

Closing Date

AstraZeneca embraces diversity and equality of opportunity.  We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills.  We believe that the more inclusive we are, the better our work will be.  We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics.  We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.