Job Title: Lead Consultant – Cyber SOC Operations
GCL:E
Are you ready to lead a high-impact Security Operations Center and defend the expertise behind life-changing medicines? As Lead Consultant – Cyber SOC Operations, you will guide incident response across a sophisticated digital world, safeguarding critical research, manufacturing, and patient-facing systems. Your decisions will reduce risk, maintain continuity, and keep our mission moving at speed.
You will join a collaborative team that blends deep security expertise with data, automation, and AI to outpace evolving threats. From day one, you will turn signals into crucial action, scale playbooks that improve, and mentor analysts to achieve steady, measurable outcomes. You see yourself transforming sophisticated telemetry into clear, business-saving decisions?
Incident Investigation: Lead investigations through analysis of logs, endpoint data, and network communication to resolve scope, impact, and next steps, accelerating time to containment and recovery.
Rapid Containment: Orchestrate containment actions such as suspending account access, isolating compromised devices, and blocking IPs to stop attacker movement and protect high-value assets.
Severity-based Issue: Apply risk-based judgment to raise incidents in line with impact, severity, and SLAs, ensuring focus and response from the right collaborators at the right time.
IOC and Threat Pattern Analysis: Analyze indicators of compromise and charge patterns to identify root behaviors, drive detection improvements, and close gaps.
Root Cause and Timeline Reconstruction: Conduct RCA, build accurate timelines, and foster insights back into controls, architecture, and training to prevent recurrence.
Cross-Tool Correlation: Link events from SIEM, EDR, network, and identity platforms to build a unified view of the charge chain and reduce noise.
SOAR Response Execution: Implement response actions through SOAR playbooks to deliver consistent, rapid, and auditable remediation.
Playbook Optimization: Assist in tuning playbooks and automation to improve fidelity, reduce false positives, and increase analyst efficiency.
Incident Documentation: Document incidents with clear evidence, actions, and decisions, creating a reusable institutional memory and enabling executive-level communication.
Runbook and SOP Maintenance: Keep runbooks, SOPs, and incident response documentation up to date so the team operates predictably and scales effectively.
When we put unexpected teams in the same room, we unleash aggressive thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world.
At AstraZeneca, our work has a direct impact on patients by transforming our ability to develop life-changing medicines. We empower the business to perform at its peak by combining modern science with leading digital technology platforms. With a passion for impacting lives through data, analytics, AI, machine learning, and more, we are committed to driving cross-company change to disrupt the entire industry. Join us at a crucial stage of our journey in becoming a digital and data-led enterprise
Here, the work of cybersecurity directly protects the science and systems that bring new medicines to patients. You will partner with diverse specialists who bring unexpected perspectives together to spark bold ideas, backed by investment in leading data, automation, and AI. We encourage experimentation and ownership, value kindness alongside ambition, and give you the platform to design resilient defenses that scale across a global enterprise. Your expertise will help unlock innovation at pace while keeping our mission safe.
Lead the defense that powers breakthroughs—step into this role to shape resilient operations and safeguard the science that saves lives.
Date Posted
20-Mar-2026Closing Date
23-Mar-2026AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.