Cyber Defense Engineer - Evinova
Full-time / Neurology
Description
<div>
<p>Role based in Barcelona - 3 days onsite office / 2 days at home</p>
<p>Evinova delivers market-leading digital health solutions that are science-based, evidence-led, and human experience-driven. Thoughtful risks and quick decisions come together to accelerate innovation across the life sciences sector. Be part of a diverse team that pushes the boundaries of science by digitally empowering a deeper understanding of the patients we’re helping. Launch pioneering digital solutions that improve the patients’ experience and deliver better health outcomes. Together, we have the opportunity to combine deep scientific expertise with digital and artificial intelligence to serve the wider healthcare community and create new standards across the sector.</p>
<p>The Cyber Defense Engineer at Evinova is positioned as an internal subject matter expert for cyber threat detection, analysis, and response. The successful candidate will be specifically accountable for the design, engineering, and operational execution of our cyber threat detection and response capabilities across a global multi-cloud environment and will be exposed to several leading technologies such as Amazon Web Services, Microsoft 365, Salesforce, Splunk Cloud, and several others.</p>
<p>This role operates as the primary technical escalation point for all cyber threats identified by our Security Operations Center (SOC) and is responsible for validating, investigating, and directing responses to escalated security incidents. This role provides a unique blend of technical detection engineering with threat-informed cyber defense strategy ownership.</p>
<p>With Evinova positioned as a trusted technology partner to Life Sciences and Pharmaceutical Research focused organizations, this role will be exposed to regulated workloads, clinical data, and GxP-relevant systems. Considering our business context, success in this role requires adequate understanding of system assurance principles, data integrity controls, and relevant external guidance / compliance requirements (e.g., ISO 27001, SOC 2, NIST CSF, UK / EU GDPR, etc.).</p>
<p>This position is ideal for technically skilled cybersecurity professionals who thrive in fast-paced global organizations and enjoy solving complex operational challenges with innovative approaches. In addition to supporting the Cyber Defense pillar, this role will have daily exposure across our entire cybersecurity function, working collaboratively to secure Evinova's Digital Health Suite.</p>
<p>This position will report directly to the Evinova Head of Cybersecurity, with a dotted line to the Head of Cybersecurity Engineering, and will have several peers to collaborate with, ensuring adequate leadership visibility and cross-functional exposure across adjacent cyber domains. If you are a cyber defense pro looking to gain cyber leadership experience, this is the perfect role for you.</p>
<p>Due to the business-critical nature of this role, there may be times where after-hours support is needed to address cybersecurity incidents. Evinova cybersecurity is a globally distributed team with team members located in both the United States and Spain.</p>
<p><b>Key Responsibilities:</b></p>
<p><u>SIEM Platform Management (Splunk Focus)</u></p>
<ul>
<li>Oversee the work of our outsourced service provider who provides SIEM maintenance support</li>
<li>Provide architectural and operational ownership of Splunk ES as the enterprise detection platform</li>
<li>Design data ingestion strategies covering cloud telemetry, identities, SaaS services, and system audit logs</li>
<li>Engineer compliant data models to normalize security telemetry and enable scalable detection use case development</li>
<li>Build operational dashboards supporting SOC monitoring, incident tracking, regulatory reporting, and executive cyber risk metrics</li>
<li>Optimize search performance, indexing strategies, and storage utilization to balance detection depth with cost efficiency</li>
<li>Integrate third-party and native security tooling into Splunk via APIs, forwarders, and data pipeline engineering</li>
</ul>
<p><u>Cloud Detection and Response Architectures (AWS-focused)</u></p>
<ul>
<li>Provide cyber defense telemetry requirements into security architecture reviews for new platforms, applications, and cloud services</li>
<li>Engineer and operationalize detections leveraging native AWS telemetry sources such as CloudTrail, GuardDuty, Security Lake, VPC Flow Logs, CloudWatch, EKS logs, and others</li>
<li>Develop detection use cases for IAM privilege escalation, federated identity abuse, cross-account compromise, API misuse, and serverless exploitation</li>
<li>Monitor containerized and Kubernetes workloads for runtime threats, suspicious process execution, and anomalous network communication patterns</li>
<li>Partner with Cloud Security peers to define cloud logging standards, retention requirements, and forensic readiness controls</li>
</ul>
<p><u>Detection Engineering and Threat Analytics</u></p>
<ul>
<li>Architect, engineer, and operationalize advanced threat detections within Splunk Enterprise Security, including correlation searches, risk-based alerting frameworks, behavioral detections, and anomaly signals aligned to cloud computing threat scenarios</li>
<li>Design detection logic mapped to MITRE ATT&amp;CK techniques, cloud threat kill chains, and identity compromise attack paths to ensure comprehensive adversary coverage</li>
<li>Build security telemetry correlation across cloud control planes, SaaS platforms, and identity providers such as Microsoft Entra ID to detect multi-stage intrusion attempts</li>
<li>Collaborate with our outsourced SOC to continuously tune log sources / detection content to reduce false positives, eliminate alert fatigue, and improve “signal-to-noise” ratios within the SOC escalation pipelines</li>
<li>Utilize threat intelligence feeds to translate emerging adversary Tactics, Techniques, and Procedures (TTPs) into actionable detection use cases and SIEM content updates</li>
<li>Establish detection lifecycle governance including use case design documentation, testing validation, and performance monitoring</li>
<li>Develop “detection-as-code” pipelines leveraging version control and CI/CD processes to ensure repeatable and auditable deployment of correlation logic</li>
</ul>
<p><u>Threat Detection, Analysis, and Response</u></p>
<ul>
<li>Serve as the Tier 2 / Tier 3 escalation path for all relevant security alerts and suspicious activity escalated by our SOC</li>
<li>Conduct deep technical investigations spanning SIEM telemetry, adjacent platforms, cloud logs, identity activity, audit trails, and other forensic artifacts</li>
<li>Perform threat actor behavior analysis to determine initial access vectors, persistence mechanisms, privilege escalation paths, and lateral movement patterns</li>
<li>Lead threat hunting initiatives leveraging hypothesis-driven and intelligence-driven methodologies to proactively identify hidden threats</li>
<li>Function as a Technical Lead / Incident Responder for confirmed cybersecurity incidents and direct containment actions that are proportionate with the incident severity</li>
<li>Coordinate cross-functional response activities across Product Engineering / Platform Operations and Cybersecurity stakeholders</li>
<li>Maintain the Cybersecurity Incident Response Playbooks and develop new playbooks for emerging incident types / technologies</li>
<li>Produce formal investigation reports documenting incident timelines, impacted assets, regulatory exposure risk, and remediation recommendations</li>
<li>Provide incident briefings summarizing incident severity, business impact, and containment posture to the Head of Cybersecurity, Head of Cybersecurity Engineering, and other relevant leadership stakeholders (including the Evinova Chief Technology Officer)</li>
<li>Collaborate with Cybersecurity Assurance to document incident root causes, specifically focusing on control failures, detection gaps, and posture improvement actions</li>
<li>Lead cyber crisis simulations and tabletop exercises with adjacent teams in Product Engineering and Platform Operations to ensure operational readiness</li>
</ul>
<p><b>HIGHLIGHT THE SKILLS AND CAPABILITIES NEEDED</b></p>
<p><b>Minimum Qualifications:</b></p>
<ul>
<li>University degree in Cybersecurity, Information Security, Computer Science, Information Systems, or a related technical discipline.</li>
<li>6-8+ years of progressive experience in Cybersecurity Operations, Detection Engineering, Cybersecurity Incident Response, or Threat Intelligence functions within global enterprises</li>
<li>Demonstrated hands-on engineering and operational experience administering and developing detection use cases in Splunk Enterprise Security, including correlation searches, notable event frameworks, risk-based alerting, and data model utilization</li>
<li>Hands-on security monitoring and threat detection experience across Amazon Web Services (AWS) environments</li>
<li>Operational familiarity with cloud-native attack vectors including IAM privilege escalation, credential misuse, token compromise, API abuse, and cross-account persistence mechanisms</li>
<li>Familiarity with SOAR platforms and automation engineering supporting incident response orchestration and alert enrichment</li>
<li>Demonstrated experience leading or coordinating incident response activities, including containment execution, stakeholder coordination, forensic triage, and post-incident lessons learned</li>
<li>Proficiency in SIEM query languages (e.g., SPL, KQL) and log analysis methodologies across various log sources</li>
<li>Working knowledge of the MITRE ATT&amp;CK framework and its application to detection engineering and threat actor simulation</li>
</ul>
<p><b>Desired Qualifications:</b></p>
<ul>
<li>Professional certifications in Cybersecurity, Digital Forensics, Information Assurance or a related technical field (e.g., CISSP, CCSP, Splunk Certified, GIAC)</li>
<li>Proven experience operating as an escalation path within a Security Operations or Incident Response function, including leading technical investigations over advanced threats, account compromise, malware intrusions, and cloud security incidents</li>
<li>Experience operating within hybrid SOC delivery models that include managed service providers or outsourced Tier 1 monitoring functions</li>
<li>Deep engineering expertise within Splunk Enterprise Security, including detection-as-code pipelines, SIEM optimization, data onboarding, and search performance tuning</li>
<li>Experience conducting proactive threat hunting operations</li>
<li>Experience presenting incident findings and detection maturity metrics to security leadership, auditors, and other interested stakeholders</li>
<li>Experience working within regulated environments such as Financial Services, Life Sciences / Pharmaceutical, and Healthcare</li>
<li>While not required, having prior experience with the Microsoft security ecosystem is an added plus (e.g., Purview, Sentinel, Defender)</li>
</ul>
<p><b>Date Posted</b></p>
<p>16-feb-2026</p>
<p><b>Closing Date</b></p>
<p>09-mar-2026</p>
<p>AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.</p>
</div>
AstraZeneca
Pharmaceutical
Small Molecules, Vaccines, Biologics
Location: Cambridge, United Kingdom
Employees: 89,900
Open Jobs: 1568
Oncology, Cardiovascular, Respiratory, Immunology, Rare Diseases