Do you want to be part of an inclusive team that works to develop innovative therapies for patients? Every day, we are driven to develop and deliver innovative and effective new medicines to patients and physicians.  If you want to be part of this exciting work, you belong at Astellas! Astellas Pharma Inc. is a pharmaceutical company conducting business in more than 70 countries around the world. We are committed to turning innovative science into medical solutions that bring value and hope to patients and their families. Keeping our focus on addressing unmet medical needs and conducting our business with ethics and integrity enables us to improve the health of people throughout the world. For more information on Astellas, please visit our website at  www.astellas.com . Astellas’ Global Capability Centres (GCCs) are strategically located sites that give Astellas the ability to access talent across various functions in the value chain and to co-locate core capabilities that are currently dispersed. Our three GCCs are located in India, Poland and Mexico. The GCCs will enhance our operational efficiency, resilience and innovation potential, enabling a timely response to changing business demands. Our GCCs are an integral part of Astellas, guided by our shared values and behaviors, and are critical enablers of the company’s strategic priorities, sustainable growth, and commitment to turn innovative science into VALUE for patients **Purpose and Scope:** We are seeking a Cloud and Network Security Engineer to strengthen our cybersecurity posture across cloud and hybrid infrastructures supporting regulated pharmaceutical workloads. This role is responsible for implementing and managing cloud and network security controls, ensuring compliance with industry standards, and supporting secure connectivity and monitoring across the enterprise. The ideal candidate will have experience with cloud-native security tools, firewall technologies, and secure access platforms in highly regulated environments. **Responsibilities and Accountabilities:** + Architect and implement secure cloud environments (AWS, Azure) and hybrid networks. + Design and maintain network security controls, including segmentation, VPNs, firewalls, and zero-trust architectures. + Manage and monitor cloud security posture using tools such as CNAPP platforms to detect misconfigurations, vulnerabilities, and compliance risks. + Administer firewalls, enforce security policies, and optimize rule sets to protect on-prem and cloud workloads. + Support secure remote access and cloud application access using technologies such as Zscaler Internet Access (ZIA) and Private Access (ZPA). + Conduct vulnerability management activities and remediation coordination in alignment with compliance and risk management frameworks. + Develop and maintain security policies, standard operating procedures, runbooks, and network security diagrams. + Experience with AWS SCP policies and Azure Organization policies. + Participate in incident response efforts, risk assessments, and internal/external audits. + Collaborate with compliance, QA, DevOps, and infrastructure teams to ensure the security of regulated systems and data. **Required Qualifications:** + Strong proficiency in written and verbal English. + 5+ years of experience in network or cloud security engineering + Proven experience with securing cloud platforms (AWS, Azure), identity and access management, encryption, and secure configurations. + Strong knowledge of networking solutions (Cloud and Traditional), standards, and best practices. + Demonstrated experience in designing, implementing, and maintaining complex network infrastructure. + Strong working knowledge of network technologies, including firewalls, VPNs, and intrusion detection/prevention systems. **Preferred Qualifications:** + Experience with Wiz CNAPP for cloud security posture management, vulnerability detection, and compliance monitoring. + Hands-on experience with Palo Alto firewalls and Panorama for rule-based and threat prevention management. + Experience with Zscaler (ZIA/ZPA) for secure remote and SaaS access. + Security certifications such as CISSP, CCSP, AWS Security Specialty, Azure Security Engineer, or equivalent. + Proficiency with scripting languages (Python, PowerShell) and infrastructure-as-code tools (Terraform, Ansible). + Experience integrating security controls with SIEM, SOAR, and ticketing platforms (e.g., ServiceNow, Sentinel). Category Astellas is committed to equality of opportunity in all aspects of employment. EOE including Disability/Protected Veterans