Principal Enterprise Security Architect
Location: Macclesfield, UK
Hybrid working model, 3 days per week onsite
About us:
At AstraZeneca, we're united by a bold ambition: to push the boundaries of science and deliver life-changing medicines to patients worldwide. As a global, science-led biopharmaceutical company, we transform pioneering research into breakthrough treatments across oncology, cardiovascular, respiratory, and rare diseases. Here, your talent will contribute to innovations that truly matter—helping us reimagine healthcare and create a healthier future for all!
Introduction to role
We seek a senior enterprise security architect to lead solutioning for remediation activities driven by security findings and risk assessments. You will translate vulnerabilities and control gaps into scalable, sustainable architecture patterns and target-state designs across enterprise technologies, partnering with SMEs to reduce risk while aligning to standards, governance, and business priorities.
Accountabilities
Architecture analysis and guidance: Break down systemic risks; define reference designs, controls, and runbooks across on-prem, cloud, API, containers/Kubernetes, SaaS, and OT/IoT; deliver actionable artifacts (ADRs, diagrams, control requirements) to cross-functional teams.
Enterprise alignment and governance: Align security architecture to enterprise frameworks and target-state roadmaps; participate in Architecture Review Boards to enforce security-by-design and standardized guardrails; ensure traceable decisions and exceptions.
Remediation enablement: Triage audit/offensive security findings; distinguish acute issues from systemic gaps; shape prioritized remediation backlogs, identify owners, high-level timelines, and success criteria; track progress in JIRA or equivalent, in collaboration with internal and external stakeholders.
Standards and modernization: Assess baselines and control efficacy versus threats; propose upgrades and deprecation plans; land durable fixes in standards, blueprints, and runbooks.
Identity, Zero Trust, and segmentation: Design identity-centric controls (authN/authZ, PAM, JIT/JEA, federation) and macro/micro-segmentation across on-prem, cloud, and SaaS, including secure remote access patterns.
Data protection and privacy: Define classification and protection controls (DLP, encryption, key management, tokenization) and privacy-by-design patterns for safe data use and sharing.
Resilience and observability: Embed backup/restore, immutable storage, and ransomware resilience; set logging/telemetry standards, threat modelling output, detections-as-code, and SIEM/SOAR integrations for all solutions developed to address security findings; define KPIs/KRIs to measure control effectiveness.
Risk-based decisions and collaboration: Recommend pragmatic solutions balancing security, usability, performance, and effort; orchestrate cross-functional delivery; communicate clearly to business and engineering stakeholders.
Essential Skills/Experience
Security gap identification and risk analysis: Ability to identify security gaps and limitations in current processes, standards, and controls based on risk assessments/security findings; perform qualitative/quantitative risk analysis on associated threats and exposures; articulate risk trade-offs and prioritize mitigations.
Solutioning and standards modernization: Skill in proposing high-level solutions and design changes to address identified limitations; revising and modernizing security standards and baselines; embedding updates into governance, policy, and delivery pipelines with clear communication to stakeholders.
In-depth cloud, container, and platform security: Deep architectural expertise across Azure/AWS/GCP (IAM, segmentation, KMS/HSM, workload protection, posture management, and native controls), combined with advanced Kubernetes security controls including image/SBOM/supply chain scanning, admission policies, Pod Security and Network Policies, secrets management, CIS benchmark hardening, and runtime protection.
Enterprise platforms and tooling exposure: Broad exposure to tools across security frameworks, including CNAPP/container security, API gateways, SIEM/SOAR, EDR/XDR, vulnerability management, endpoint/server/network/OT tooling, and major SaaS platforms; able to integrate these technologies and develop solutions rapidly.
API and application security: OAuth2/OIDC, mTLS, token lifecycles, fine-grained authorization, WAF/gateway protection, rate limiting, schema validation, abuse detection, and secure API design/testing/monitoring.
Executive and technical communication: Experience presenting solutions, alternative options, and limitations to senior leaders and technical SMEs; able to articulate trade-offs, assumptions, and risks clearly, facilitate decision-making, and adapt messaging for executive, product, and engineering audiences.
Desirable Skills/Experience
Insight to GRC and regulatory frameworks: ISO 27001/27002, NIST CSF/800-53/800-207, SOC 2, HIPAA, GDPR; control mapping, shared responsibility in cloud, and compliance/risk reporting.
AI security and governance familiarity (LLMs/generative AI): data/model provenance, prompt-injection defenses, output validation, privacy/PII safeguards, usage guardrails.
Identity, Zero Trust, and PAM: Enterprise strategies for identity/federation, conditional access, continuous verification, privileged access, session/credential management, workload identities, and segmentation.
Experience mapping attack chains (e.g., MITRE ATT&CK) and selecting controls that degrade adversary paths; ability to quantify risk reduction.
Knowledge of legacy-to-modern migrations (hybrid identity, network segmentation, VDI/Citrix hardening) and deprecation strategies for insecure configurations.
Exposure to DevSecOps and automation: Policy-as-code, IaC/container scanning, golden pipelines, preventative guardrails, drift detection, and detections-as-code.
Relevant certifications: CISSP, CISM, CCSP, SABSA, TOGAF, AZ-500, AWS Security Specialty.
When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That's why we work, on average, a minimum of three days per week from the office. But that doesn't mean we're not flexible. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world!
Why AstraZeneca:
Here, your leadership turns complex science into dependable supply for patients worldwide. You will work with pioneering chemistry, digital technologies, and lean principles, side by side with colleagues who put unexpected teams in the same room to crack tough problems. With a truly global network and strong investment in people and modern facilities, you will grow your impact and your career—learning from diverse teams, shaping standards across sites, and contributing to a more sustainable future. We value kindness alongside ambition, and we back decisive leaders who take ownership and deliver outcomes that matter.
Date Posted
30-Jan-2026
Closing Date
19-Feb-2026
Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.
AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorisation and employment eligibility verification requirements.