# Director, Cyber Security Detection Engineering **Company**: Cyber Security Defence Operations **Location**: Gaithersburg, Maryland, United States of America **Work arrangement**: hybrid **Experience**: senior **Job type**: full-time **Salary**: $169,320.00 - $253,980.00 USD Annual **Category**: Engineering **Industry**: Healthcare **Apply**: https://astrazeneca.eightfold.ai/careers/job/563877690451346?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply **Canonical**: https://yubhub.co/jobs/job_ea54d1ae-776 ## Description Leverage technology to impact patients and ultimately save lives. Do you have expertise in, and passion for, information technology? Would you like to apply your expertise to impact the IT strategy in a company that follows the science and turns ideas into life-changing medicines? If so, AstraZeneca might be the one for you! The Director, Cyber Security Detection Engineering is a senior leader in the Cyber Operations function, based in Gaithersburg, Maryland, working with the Head of Cyber Operations. The role encompasses command of enterprise detection capabilities across cloud, on-premises, and OT/ICS environments, ownership of detection governance and validation, and delivery of executive reporting, coverage assessments, and capability maturation in partnership with GSOC, CTI, Vulnerability Management, Offensive Security, IT, Legal, Risk and Compliance, and business customers. **Detection Strategy and Roadmap:** Direct the development and execution of comprehensive detection engineering programmes aligned to interpersonal risk appetite and threat landscape; establish capability roadmaps spanning data engineering, detection development, purple teaming, and automation/AI. **Data Engineering Oversight:** Ensure robust data pipelines support detection activities through telemetry collection, normalization, and quality assurance across hybrid and OT environments; define data retention, schema standards, and platform configuration to enable effective threat detection. **Detection Content Development:** Oversee creation, testing, and deployment of detection logic across SIEM, EDR, and cloud-native tooling; enforce detection standards, naming conventions, and MITRE ATT&CK mapping; prioritize coverage based on threat intelligence and risk assessments. **Purple Team Exercising:** Oversee purple team operations to validate detection efficacy systematically; orchestrate adversary emulation exercises across technology domains; drive remediation of detection gaps identified through testing and operational feedback. **Automation and AI Integration:** Operationalize AI agents, machine learning models, and orchestration workflows to enhance detection accuracy, reduce false positives, and augment GSOC analyst capabilities; oversee development of automated enrichment, triage, and investigation playbooks. **Metrics and Reporting:** Own detection engineering targets (e.g., MITRE ATT&CK coverage, mean time to detect, false positive rates, purple team success metrics) and deliver executive-ready briefings, dashboards, and quarterly maturity assessments. **Policy and Governance:** Develop and enforce detection engineering policies, standards, and quality frameworks; maintain detection content libraries with version control and organizational change field; ensure regulatory compliance in data handling. **People Leadership:** Strategy and planning: Develop and maintain detection engineering area plans aligned to Cyber Operations strategy; set direction and goals with autonomy across data engineering, detection development, purple teaming, and automation functions. Performance and tiers: Define and review reporting and team targets; align objectives to detection outcomes, coverage improvements, and operational efficiency. Talent and capability: Lead inclusive recruitment; build career paths and targeted upskilling in detection development, threat hunting, cloud security, OT/ICS detection, and SOAR/AI through multi-functional, regional, and external partnerships. **Knowledge, Experience, and Understanding Of:** Detection engineering lifecycle: Proven leadership across detection development, testing, deployment, and tuning at enterprise scale; deep understanding of detection logic design, coverage mapping, and efficacy validation. Threat detection frameworks: Extensive knowledge of MITRE ATT&CK, Cyber Kill Chain, and detection engineering methodologies; experience mapping organisational coverage and prioritising development based on threat intelligence. Purple team operations: Experienced in designing and accomplishing adversary emulation exercises; skilled in translating purple team findings into actionable detection improvements and coverage enhancements. Automation and AI: Experience operationalizing modern detection platforms (SIEM, XDR, SOAR) including integration of artificial intelligence, machine learning models, and agentic features to enable detection at scale. Data engineering and platforms: Proficient with data pipeline architecture, log aggregation, normalisation, and query optimisation; solid grasp of data quality requirements for effective detection. Cloud, identity, and endpoint detection: Deep understanding of detection approaches across multi-cloud environments, identity systems, endpoints, and network infrastructure; familiar with cloud-native security services and integration patterns. Manufacturing Operational Technology/Industrial Control Systems: Coordinating detection engineering in industrial/OT environments with safety, availability, and production continuity considerations; knowledge of industrial protocols and OT-specific threats. **Minimum Skills & Experience Required:** Education: Bachelor's degree in information security, computer science, or related field (or equivalent experience). Enterprise-scale detection leadership: Over 5 years managing detection engineering or security operations in enterprise-sized organisations, commanding capabilities across hybrid cloud, on-premises, and OT environments. Global coordination with distributed teams: Experience integrating and working alongside global, 24×7, geographically dispersed teams to deliver detection capabilities and support security operations missions. Communication and facilitation: Well-developed skills to explain complex technical concepts in clear business terms; produce concise written material (executive updates, coverage reports); and lead briefings to diverse stakeholders. Analytical decision making: Ability to analyse complex threat landscapes, assess detection gaps, and balance strategic capability development with tactical operational requirements, risk appetite, and resource constraints. Customer orientation and cross-cultural working: Demonstrated ability to collaborate across regions and functions (GSOC, IT, Legal, GRC, business units) with a strong service approach and commitment to enabling organisational resilience. **Preferred Skills & Experience:** Certifications: Security certifications preferred (e.g., CISSP, CISM, GIAC such as GCIA/GCDA/GMON; cloud certifications; ITIL). When we put unexpected teams in the same room, we unleash bold thinking with the power to encourage life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world. ## Skills ### Required - CISSP - CISM - GIAC - cloud certifications - ITIL - information security - computer science - detection engineering - security operations - MITRE ATT&CK - Cyber Kill Chain - detection engineering methodologies - data engineering - detection development - purple teaming - automation - artificial intelligence - machine learning - agentic features - data pipeline architecture - log aggregation - normalisation - query optimisation - data quality requirements - multi-cloud environments - identity systems - endpoints - network infrastructure - cloud-native security services - integration patterns - industrial protocols - OT-specific threats --- Source: [Apply at astrazeneca.eightfold.ai](https://astrazeneca.eightfold.ai/careers/job/563877690451346?utm_source=yubhub.co&utm_medium=jobs_feed&utm_campaign=apply)