Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people's varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.
The Position
Cyber Security Expert
A healthier future. It's what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love.
That's what makes us Roche.
As a Cyber Security Expert, you will be part of the Roche Information Solutions Product Security and Privacy Operations (RIS PSPO), Product Support team.
We are seeking a highly motivated professional with experience in Security and Privacy to join our dynamic team. As a member of PSPO Product Support, you will work directly with product development teams, playing an essential role in establishing and implementing cyber defense controls to protect sensitive data in medical devices and decision support DIA products.
Your opportunities
Analyze and implement security and privacy patterns and standards for Roche medical devices and decision support products in the cloud and on-premises during all product development stages.
Contribute to the development, implementation and maintenance of product security and privacy risk control measures commensurate with changes in technology, regulations and customer needs.
Support security incident response and forensic activities working directly with the Roche Cyber Defense teams.
Integrate SAST and DAST tools into the CI/CD pipelines and manage them.
Manage vulnerabilities at all technology layers during pre- and post-market.
Evangelize security and privacy, developing security skills and knowledge across departments involved in the product development and operations activities.
Generate high-quality security and privacy related documentation for internal and external compliance.
Conduct planning and execution of 3rd party review activities (Verification & Validation) related to security and software architecture.
Who you are
Hold a Degree in Business, Information Systems, Computer Science or a relevant area of study.
Have at least 5 years of related work experience in Security Engineering, security hardening, including work experience with SDLC (Software Development Life Cycle) and cloud environments (preferred experience in AWS cloud provisioning tools), application security and OWASP framework, and experience with vulnerability management.
Have experience working with Developers and DevOps Engineers and have demonstrated soft skills: problem solving, leadership, communication, teamwork, flexibility and adaptability.
Have experience supporting security and/or privacy audits.
Possess in-depth experience in analyzing product threat landscape, threat modeling and defining adequate security and data privacy controls to mitigate risks.
The following certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others), CEH, CISSP, CSSP, CISA, CISM, ISO27001 Lead Auditor.
As this position is a global role, international business travel will be required depending upon the business location of the successful candidate and ongoing business project activities.
Who we are
At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we've become one of the world's leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.
Roche is an Equal Opportunity Employer.