Principal Enterprise Security Architect in Macclesfield

Location: Macclesfield, UK
Hybrid working model, 3 days per week onsite

At AstraZeneca, we are united by a bold ambition: to push the boundaries of science and deliver life-changing medicines to patients worldwide. As a global, science-led biopharmaceutical company, we transform pioneering research into breakthrough treatments across oncology, cardiovascular, respiratory, and rare diseases. Here, your talent will contribute to innovations that truly matter—helping us reimagine healthcare and create a healthier future for all!

We seek a senior enterprise security architect to lead solutioning for remediation activities driven by security findings and risk assessments. You will translate vulnerabilities and control gaps into scalable, sustainable architecture patterns and target-state designs across enterprise technologies, partnering with SMEs to reduce risk while aligning to standards, governance, and business priorities.

Responsibilities

• Architecture analysis and guidance: Break down systemic risks; define reference designs, controls, and runbooks across on-prem, cloud, API, containers/Kubernetes, SaaS, and OT/IoT; deliver actionable artifacts (ADRs, diagrams, control requirements) to cross functional teams.
• Enterprise alignment and governance: Align security architecture to enterprise frameworks and target-state roadmaps; participate in Architecture Review Boards to enforce security-by-design and standardized guardrails; ensure traceable decisions and exceptions.
• Remediation enablement: Triage audit/offensive security findings; distinguish acute issues from systemic gaps; shape prioritized remediation backlogs, identify owners, high level timelines, and success criteria; track progress in JIRA or equivalent with collaboration with internal and external stakeholders.
• Standards and modernization: Assess baselines and control efficacy versus threats; propose upgrades and deprecation plans; land durable fixes in standards, blueprints, and runbooks.
• Identity, Zero Trust, and segmentation: Design identity-centric controls (authN / authZ, PAM, JIT/JEA, federation) and macro/micro-segmentation across on-prem, cloud, and SaaS, including secure remote access patterns.
• Data protection and privacy: Define classification and protection controls (DLP, encryption, key management, tokenization) and privacy-by-design patterns for safe data use and sharing.
• Resilience and observability: Embed backup/restore, immutable storage, ransomware resilience; set logging/telemetry standards, threat modelling output, detections-as-code, and SIEM/SOAR integrations for all solutions addressing security findings; define KPIs/KRIs to measure control effectiveness.
• Risk-based decisions and collaboration: Recommend pragmatic solutions balancing security, usability, performance, and effort; orchestrate cross-functional delivery; communicate clearly to business and engineering stakeholders.

Essential Skills/Experience

• Security gap identification and risk analysis: Ability to identify security gaps and limitations in current processes, standards, and controls based on risk assessments/security findings; perform qualitative/quantitative risk analysis on associated threats and exposures; articulate risk trade-offs and prioritize mitigations.
• Solutioning and standards modernization: Skill in proposing high-level solutions and design changes to address identified limitations; revising and modernizing security standards and baselines; embedding updates into governance, policy, and delivery pipelines with clear communication to stakeholders.
• In-depth cloud, container, and platform security: Deep architectural expertise across Azure/AWS/GCP (IAM, segmentation, KMS/HSM, workload protection, posture management, and native controls), combined with advanced Kubernetes security controls including image/SBOM/supply chain scanning, admission policies, Pod Security and Network Policies, secrets management, CIS benchmark hardening, and runtime protection.
• Enterprise platforms and tooling exposure: Broad exposure to tools across security frameworks, including CNAPP/container security, API gateways, SIEM/SOAR, EDR/XDR, vulnerability management, endpoint/server/network/OT tooling, and major SaaS platforms; able to integrate these technologies and develop solutions rapidly.
• API and application security: OAuth2/OIDC, mTLS, token lifecycles, fine-grained authorization, WAF/gateway protection, rate limiting, schema validation, abuse detection, and secure API design/testing/monitoring.
• Executive and technical communication: Experience presenting solutions, alternative options, and limitations to senior leaders and technical SMEs; able to articulate trade-offs, assumptions, and risks clearly, facilitate decision-making, and adapt messaging for executive, product, and engineering audiences.

Desirable Skills/Experience

• Insight to GRC and regulatory frameworks: ISO 27001/27002, NIST CSF/800-53/800-207, SOC 2, HIPAA, GDPR; control mapping, shared responsibility in cloud, and compliance/risk reporting.
• AI security and governance familiarity (LLMs/generative AI): data/model provenance, prompt-injection defenses, output validation, privacy/PII safeguards, usage guardrails.
• Identity, Zero Trust, and PAM: Enterprise strategies for identity/federation, conditional access, continuous verification, privileged access, session/credential management, workload identities, and segmentation.
• Experience mapping attack chains (e.g., MITRE ATT&CK) and selecting controls that degrade adversary paths; ability to quantify risk reduction.
• Knowledge of legacy-to-modern migrations (hybrid identity, network segmentation, VDI/Citrix hardening) and deprecation strategies for insecure configurations.
• Exposure to DevSecOps and automation: Policy-as-code, IaC/container scanning, golden pipelines, preventative guardrails, drift detection, and detections-as-code.
• Relevant certifications: CISSP, CISM, CCSP, SABSA, TOGAF, AZ-500, AWS Security Specialty.

Why AstraZeneca

When we put unexpected teams in the same room, we unleash bold thinking with the power to inspire life-changing medicines. In-person working gives us the platform we need to connect, work at pace and challenge perceptions. That’s why we work, on average, a minimum of three days per week from the office. We balance the expectation of being in the office while respecting individual flexibility. Join us in our unique and ambitious world!

Date Posted: 30-ene-2026
Closing Date: 19-feb-2026

Our mission is to build an inclusive and equitable environment. We want people to feel they belong at AstraZeneca and Alexion, starting with our recruitment process. We welcome and consider applications from all qualified candidates, regardless of characteristics. We offer reasonable adjustments/accommodations to help all candidates to perform at their best. If you have a need for any adjustments/accommodations, please complete the section in the application form.