Director, Cyber Security Incident Response Team (CSIRT)
AstraZeneca
Leverage technology to impact patients and ultimately save lives
Do you have expertise in, and passion for, information technology? Would you like to apply your expertise to impact the IT strategy in a company that follows the science and turns ideas into life-changing medicines? If so, AstraZeneca might be the one for you!
ABOUT ASTRAZENECA
AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialization of prescription medicines for some of the world's most serious diseases. But we're more than one of the world's leading pharmaceutical companies. At AstraZeneca we're dedicated to being a Great Place to Work.
ABOUT ROLE
The Director, CSIRT is a senior individual contributor leader in the Global Cybersecurity Operations Center (GSOC), based in Gaithersburg, Maryland, reporting to the Head of GSOC. You will command enterprise response to material cyber incidents across cloud, on-premises, and OT/ICS environments, own incident governance and readiness, and drive executive reporting, lessons learned, and control hardening in partnership with Detection Engineering, CTI, Vulnerability Management, Offensive Security, IT, Legal, Risk and Compliance, and Physical Security.
What You'll Do:
- Incident Command: Lead execution of the Incident Response (IR) plan to rapidly scope, contain, eradicate, and investigate incidents across hybrid and OT environments.
- Incident Governance: Define and maintain incident categories, severity, decision authorities, activation criteria, and crisis management handoffs.
- Forensics evidence handling: Coordinate preservation, collection, and analysis with chain-of-custody rigor; in collaboration with Legal, manage asset litigation hold and retention as well as facilitation of artifact sharing for malware analysis and CTI.
- Exercises and readiness: Run regular tabletop and purple-team exercises; ensure 24x7 coverage, seamless follow-the-sun handoffs with Regional SOCs, and retainer surge playbooks.
- Automation and AI: Operationalize agentic SIEM features, XDR and SOAR playbooks, LLM-assisted runbooks, and automated triage packages to reduce MTTD/MTTC/MTTR.
- Metrics and reporting: Own IR targets/KRIs (e.g., MTTD, MTTC, MTTR, dwell time, business impact) and deliver executive-ready briefings, dashboards, and quarterly lessons learned.
- Stakeholder coordination: Orchestrate IR with IT, Legal, Privacy, Risk, Comms, Physical Security, and Insurance for notification obligations, privilege, and crisis communications.
- Controls Hardening: Drive post-incident detection and control improvements with Detection Engineering, Identity, Cloud, Endpoint, and OT teams.
- Assurance integration: Partner with Vulnerability Management and Offensive Security to prioritize testing and remediation informed by incident findings and CTI.
- Strategy and planning: Develop and maintain CSIRT area plans aligned to GSOC strategy; set direction and goals with autonomy.
- Performance and tiers: Define and review reporting and team targets; align objectives to incident outcomes and customer experience.
- Coverage and on-call: Maintain 24x7 on-call rotations, surge models, and cross-regional handoff standards.
- Talent and capability: Lead inclusive recruitment; build career paths and targeted upskilling in DFIR, cloud identity, OT/ICS, and automation/SOAR through regional/external partnerships. Provide mentorship to junior CSIRT resources.
- Incident command & IR lifecycle: Proven command across cyber incident lifecycles, plans and playbooks. Deep understanding of the incident lifecycle, from preparation to scoping, containment, eradication and remediation at enterprise scale.
- DFIR evidence handling: Experienced in managing the collection, preservation and analysis of digital evidence and chain of custody; timeline reconstruction; attacker attribution; concise executive reporting.
- Attacker tradecraft (MITRE ATT&CK): Deep knowledge of the attack lifecycle (i.e. MITRE ATT&CK), timeline construction and familiarity with attribution and common threat actor TTPs.
- Automation & AI: Experience with operationalization of modern security tools (SIEM, SOAR, XDR) including integration of artificial intelligence, large language models and agentic features to enable triage, analysis and eradication at scale.
- Cloud, identity, and endpoint visibility: Proficiency with logging prioritization and telemetry from industry standard cloud platforms, identity providers, operating systems and security tools.
- Manufacturing Operational Technology/Industrial Control Systems: Coordinating IR in industrial/OT environments with safety and production continuity considerations.
- Legal/regulatory & crisis communications: Comfortable building partnerships outside of cyber operations with legal, risk & compliance, physical security and other business collaborators relevant to incident response.
- Retainer and vendor readiness: Maintaining IR retainer partner readiness; knowing when to escalate and how to integrate external specialists during major incidents.
- Education: Bachelor's degree in information security, computer science, or related field (or equivalent experience).
- Enterprise-scale SOC/IR leadership: Over five (5) years managing Cyber Security Operations Centre Incident Response in enterprise-sized organizations, commanding events across hybrid cloud, on-prem, and OT.
- Global coordination with Regional SOCs: Experience integrating and working alongside global, 24x7, distributed teams to complete incident response and cyber operations missions.
- Communication and facilitation: Well-developed skills to explain complex technical issues in clear business terms; produce concise written material (executive updates, IR reports); and lead briefings.
- Analytical decision making: Ability to analyze complex situations, assess risk, and balance strategic and tactical security requirements with business pragmatism, risk appetite, and innovation.
- Customer orientation and cross-cultural working: Demonstrated ability to collaborate across regions and functions (IT, Legal, GRC, Physical Security) with a strong service outlook.
- Certifications: Security certifications preferred (e.g., CISSP, CISM, GIAC such as GCIH/GCFA/GREM; CCSP; ITIL).
We're a network of high-reaching self-starters who contribute to something far bigger. We enable AstraZeneca to perform at its peak by delivering premier technology and data solutions.
We're not afraid to take ownership and run with it. Empowered with unrivalled freedom. Put simply, it's because we make a significant impact. Everything we do matters.
Date Posted: 23-Jun-2026
Closing Date: 06-Jul-2026
Our mission is to build an inclusive environment where equal employment opportunities are available to all applicants and employees. In furtherance of that mission, we welcome and consider applications from all qualified candidates, regardless of their protected characteristics. If you have a disability or special need that requires accommodation, please complete the corresponding section in the application form.
Vacancy posted 5 days ago


