Cybersecurity Director - Product Security Solutions
Company: AstraZeneca
Location: Montgomery Village
Posted on: July 1, 2025
|
|
|
Job Description:
Do you have expertise in, and passion for, cyber security? Would
you like to apply your expertise to impact the product security in
a company that follows the science and turns ideas into life
changing medicines? If so, AstraZeneca might be the one for you!
About AstraZeneca AstraZeneca is a global, science-led,
patient-focused biopharmaceutical company that focuses on the
discovery, development, and commercialization of prescription
medicines for some of the world’s most serious disease. But we are
more than one of the world’s leading pharmaceutical companies. At
AstraZeneca, we are dedicated to being a Great Place to Work. About
our Team It is a dynamic and performance-based environment to work
in – but that’s why we like it. There are countless opportunities
to learn and grow, whether that’s exploring new technologies in
hackathons, or redefining the roles and work of colleagues,
forever. Craft your own path, with support all the way. A diverse
set of minds that work cross-functionally and broadly together.
Introduction to role Our increased focus on Digital, AI & ML, Data
& Data Science along with joint ventures and collaboration with
third parties are crafting new opportunities within the Cyber
Security team. We are looking for an experienced and strategic
Product Security Leader to join our diverse team. In this role, you
will be responsible for shaping the overall security strategy for
our products, ensuring the secure design, development, and
deployment across the entire product lifecycle. You will help
streamline the current product security efforts across various
product teams, build the core product security team, collaborate
with engineering, development, and cross-functional teams, and
drive security initiatives across all stages of product
development. The ideal candidate will have a strong background in
system development lifecycle, software or product development
experience, software security, threat modeling, and a proven track
record of building scalable security programs in a fast-paced,
innovation-driven environment. This role requires both technical
expertise and leadership skills to influence product design
decisions and create a secure-by-design culture. Accountabilities
Collaboration: Partner with product development, engineering,
DevOps, and other teams to identify security requirements,
influence design decisions, and ensure security best practices are
followed throughout the development lifecycle. Develop and Lead
Product Security Strategy and roadmap for target product domains:
Lead the vision, roadmap, engineering, and execution of the product
security strategy, ensuring the development of trust-by-design
products and services. Product Vulnerability Management:
Collaborate with product teams and be responsible for the
identification, prioritization, and mitigation of security
vulnerabilities and issues. Lead and coordinate efforts for secure
code reviews, threat modeling, penetration testing, and
vulnerability assessments. Risk Management: Assess security risks
across product portfolios and recommend remediation strategies
while balancing business and technical needs. Secure Development
Lifecycle (SDL): Implement and carry out secure development
lifecycle practices including tooling, ensuring products are
designed and developed with security built in. Training and
Awareness: Lead initiatives to increase security awareness and
knowledge among engineers and product teams through training,
workshops, and the development of security resources. Compliance:
Ensure adherence to relevant regulatory requirements and industry
best practices related to product security (e.g., GDPR, SOC2,
OWASP, etc.). Leadership: Build, mentor, and lead a high-performing
product security team. Cultivate a culture of security excellence
and innovation. Essential Skills/Experience: Bachelors degree in
Computer Science, Information Security, or a related field (or
equivalent experience). 8 years of experience in security, with at
least 3 years in a leadership role focusing on product or software
security. Expertise in secure software development, application
security, threat modeling, vulnerability management, and
penetration testing. Strong understanding of common security
threats (e.g., OWASP Top 10), attack vectors, and mitigation
strategies. In-depth knowledge of DevSecOps security tools and
techniques for code analysis, vulnerability scanning, and risk
assessment. Experience working with cross-functional teams,
especially product management, engineering, and operations, to
integrate security into the product lifecycle. Strong
problem-solving and analytical skills with the ability to translate
technical concepts to business leaders and non-technical team
members. Excellent interpersonal skills, both written and verbal,
with the ability to clearly convey complex security topics to a
wide audience. Desirable Skills/Experience Master’s degree in
Information Security, Computer Science, or a related field.
Industry certifications such as CISSP, CISM, or CEH. Hands-on
experience with security frameworks, tools, and methodologies
(e.g., SAST, DAST, threat modeling, etc.). Familiarity with cloud
security and DevSecOps practices. Experience leading security
initiatives in agile and fast-paced development environments.
Knowledge of industry standards and regulations (e.g., ISO 27001,
NIST, SOC2). The annual base pay for this position ranges from
160,313.60 - 240,470.40 USD Annual (80% - 120%). Hourly and
salaried non-exempt employees will also be paid overtime pay when
working qualifying overtime hours. Base pay offered may vary
depending on multiple individualized factors, including market
location, job-related knowledge, skills, and experience. In
addition, our positions offer a short-term incentive bonus
opportunity; eligibility to participate in our equity-based
long-term incentive program (salaried roles), to receive a
retirement contribution (hourly roles), and commission payment
eligibility (sales roles). Benefits offered included a qualified
retirement program [401(k) plan]; paid vacation and holidays; paid
leaves; and, health benefits including medical, prescription drug,
dental, and vision coverage in accordance with the terms and
conditions of the applicable plans. Additional details of
participation in these benefit plans will be provided if an
employee receives an offer of employment. If hired, employee will
be in an “at-will position” and the Company reserves the right to
modify base pay (as well as any other discretionary payment or
compensation program) at any time, including for reasons related to
individual performance, Company or individual department/team
performance, and market factors. When we put unexpected teams in
the same room, we spark bold thinking with the power to inspire
life-changing medicines. In-person working gives us the platform we
need to connect, work at pace and challenge perceptions. Thats why
we work, on average, a minimum of three days per week from the
office. But that doesnt mean were not flexible. We balance the
expectation of being in the office while respecting individual
flexibility. Join us in our unique and ambitious world. Join a team
with the backing and investment to win! Youll be working with
cutting-edge technology. This marriage between our purposeful work
and the use of high-tech platforms is what sets us apart. Own the
way in digital healthcare. From exploring data and AI to working in
the cloud on new technologies. Join a team at the forefront. Help
shape and define the technologies of the future with the backing
you need from across the business. Ready to make an impact? Apply
now! AstraZeneca embraces diversity and equality of opportunity. We
are committed to building an inclusive and diverse team
representing all backgrounds, with as wide a range of perspectives
as possible, and harnessing industry-leading skills. We believe
that the more inclusive we are, the better our work will be. We
welcome and consider applications to join our team from all
qualified candidates, regardless of their characteristics. We
comply with all applicable laws and regulations on
non-discrimination in employment (and recruitment), as well as work
authorization and employment eligibility verification
requirements.
Keywords: AstraZeneca, Silver Spring , Cybersecurity Director - Product Security Solutions, IT / Software / Systems , Montgomery Village, Maryland
