Title:  Network Security Engineer

Are you driven to make a real difference in the lives of patients?

We're seeking passionate individuals who thrive in dynamic environments, embrace new ideas and aren't afraid to take intelligent risks. People who act with unwavering integrity and are deeply committed to making a tangible impact. 

Location

• This position is based in Mexico City and will require on-site work in a hybrid set up. 
• At Astellas we recognize the importance of work/life balance, and we are proud to offer a hybrid working solution allowing time to connect with colleagues at the office with the flexibility to also work from home. We believe this will optimize the most productive work environment for all employees to succeed and deliver. Hybrid work from certain locations may be permitted in accordance with Astellas’ Responsible Flexibility Guidelines.

Purpose and Scope

As a Network Security Engineer, you will play a critical role in protecting Astellas’ global network infrastructure and ensuring the security, availability, and resilience of networked systems. This position has arisen due to Astellas insourcing the responsibility for managing network security operations, enhancing visibility across hybrid environments, and advancing towards a ‘best in industry’ security posture.

The successful candidate will work collaboratively with the Security Operations Center (SOC), Network Engineering, and other Value Teams to proactively identify, mitigate, and respond to network-based threats and vulnerabilities across the enterprise.

Role and Responsibilities

Firewall and Perimeter Defense

• Administer and maintain enterprise firewall platforms
• Review firewall rules and policies following best practices
• Conduct periodic firewall audits and ensure compliance with internal security standards.

Network Threat Detection & Automation

• Develop and implement automated detection and response playbooks for network anomalies and suspicious traffic.
• Integrate network telemetry into SIEM/SOAR platforms (e.g., Microsoft Sentinel, Splunk, or QRadar).
• Work closely with SOC analysts to tune alerts and reduce false positives.
• Utilize scripting (Python, PowerShell, or similar) to streamline repetitive network security tasks.

Incident Response & Forensics

• Lead or support network-focused incident response activities, such as DDoS mitigation, lateral movement analysis, or command-and-control detection.
• Conduct network packet capture (PCAP) analysis and assist in forensic investigations.
• Provide root cause analysis for network security incidents and drive remediation efforts.

Proactive Threat Hunting

• Conduct proactive network threat hunting using flow data, DNS logs, and IDS signatures.
• Work with Red, Blue, and Purple teams to identify gaps in network defenses and enhance detection capabilities.

Reporting & Governance

• Develop dashboards and reports for network security metrics and executive visibility.
• Support governance of network security across hybrid and cloud environments (Azure, AWS).
• Contribute to continuous improvement of security operations through knowledge sharing and documentation.

Required Qualifications

• Bachelor’s degree in Computer Science, Information Technology, Cyber Security, or a related field.
• Proven experience in a Network Security role.
• Experience with cloud-based virtual Palo Alto firewall management, upgrades, and configuration.
• Experience with Algosec firewall auditing platform.
• Develop dashboards and reports for network security metrics and executive visibility.
• Support governance of network security across hybrid and cloud environments (Azure, AWS).
• Contribute to continuous improvement of security operations through knowledge sharing and documentation.
• Strong knowledge of security frameworks, threat modelling, and incident response methodologies.
• Awareness of infrastructure and network security features like firewall rules, event IDs, logging/detection, and managing assets in manufacturing / OT environments.
• Experience of working with cloud security and insourced capabilities, as well as MSPs.

Preferred Qualifications

• Security certification is an advantage.
• Experience in using Microsoft Sentinel & Defender / Crowdstrike EDR / Wizz Cloud Security. 
• Demonstrate knowledge of change management principles. Relevant certifications (e.g., Certified Information Systems Security Professional CISSP, Certified Ethical Hacker CEH or CompTIA Security+, etc.)
  Excellent analytical and problem-solving skills.
• Strong communication skills and the ability to work collaboratively in a small team environment where we share capacity and effort.
• International/global experience is an advantage.

What awaits you at Astellas?

• Global collaboration: Become part of a connected global business of like-minded life science leaders, all dedicated to improving patients' lives worldwide.
• Real-world patient impact: Contribute to transformative therapies that reach patients around the world, knowing your work makes a difference every day.
• Relentless Innovation: Join a company at the forefront of scientific breakthroughs, where you'll have the opportunity to shape the future of healthcare.
• A Culture of Growth: Chart your own course within a supportive environment that values your contributions, champions your development, and empowers you to pursue your passions.

Our Organizational Values and Behaviors

Values: Innovation, Integrity and Impact sit at the heart of what we do.

Behaviors: We come together as ‘One Astellas’, working with courage and a sense of urgency. We are outcome focused and consistently take accountability for our personal contribution.