Director, Cyber Security Incident Response Team (CSIRT)

AstraZeneca

Hybrid | Actively hiring | Posted this week
Gaithersburg, MD | Posted 4 days ago | $169,320–$253,980 / year

At a glance

AI generated

TL;DR

As the Director of CSIRT at AstraZeneca's Global Cybersecurity Operations Center in Gaithersburg, Maryland, you will lead enterprise-wide incident response efforts across cloud, on-premises, and OT/ICS environments. Your daily responsibilities include executing IR plans to contain and eradicate incidents, defining incident governance frameworks, coordinating forensic evidence handling with legal teams, conducting regular exercises for readiness, and leveraging automation and AI tools like SIEM, SOAR, and XDR to enhance operational efficiency. You will also manage metrics and reporting, ensure stakeholder coordination during crises, and drive post-incident control hardening initiatives. The role requires expertise in incident command, digital forensics, attacker tradecraft (MITRE ATT&CK), cloud identity management, and legal/regulatory compliance, with a preference for certifications like CISSP or CISM. This position demands experience leading SOC/IR teams at enterprise scale and coordinating globally distributed security operations to protect AstraZeneca’s critical IT infrastructure in a highly regulated pharmaceutical environment.

Skills

SIEM, SOAR, XDR, MITRE ATT&CK, Python, Go, Docker, Kubernetes, AWS, Azure, CI/CD, PostgreSQL, OT/ICS, LLM, Grafana, Prometheus, Terraform, GitLab, GitHub

What you'll do

  • Lead execution of the Incident Response (IR) plan to scope, contain, eradicate, and investigate incidents.
  • Define and maintain incident categories, severity, decision authorities, activation criteria, and crisis management handoffs.
  • Coordinate preservation, collection, and analysis of forensic evidence with chain-of-custody rigor.
  • Run regular tabletop exercises and ensure 24x7 coverage with seamless follow-the-sun handoffs.
  • Operationalize SIEM features, XDR playbooks, and LLM-assisted runbooks to reduce MTTD/MTTC/MTTR.
  • Own IR targets/KRIs (e.g., MTTD, MTTC, MTTR) and deliver executive-ready briefings and dashboards.

What we're looking for

  • Over 5 years of experience managing SOC/IR in enterprise-sized organizations.
  • Proven command across cyber incident lifecycles and plans at an enterprise scale.
  • Deep knowledge of attacker tradecraft, including MITRE ATT&CK framework.
  • Experience with automation and AI integration in modern security tools.
  • Proficiency in cloud, identity, endpoint visibility, and OT/ICS environments.
  • Strong communication skills to explain technical issues in business terms.
  • Ability to coordinate global teams for incident response and cyber operations.

Employer

About AstraZeneca

AstraZeneca is a global biopharmaceutical company focused on the research, development, and commercialization of prescription medicines in oncology, cardiovascular, respiratory, and rare disease areas.

Industry: Biopharmaceuticals

AstraZeneca currently has 10 open roles on FindRole.

Listed pay typically runs $169,320–$253,980 across 9 roles with salary data.
