Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people's varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.
The Position
We are seeking a highly skilled DevSecOps Security Engineer to join our team and play a pivotal role in ensuring the security of our applications and infrastructure. You join the Product Development, Integration and Engineering Chapter, a global team of technical profiles, including Cloud DevOps Engineers, located around the world who are involved in various projects for all Roche divisions. The variety of the technical profiles in the Chapter allows you to grow and get support from virtually any technical angle. As a chapter member, you are assigned a durable product team, part of a product line that is focusing on supporting the business.
The Developer Platforms Product Line has been established to support the software development lifecycle across Roche with an experienced team and a tools library that allow Roche Product Teams to leverage industry best practices and Roche's enterprise platforms for their DevSecOps needs.
For this position which is designed to be assigned to the Embedded Security and Compliance Product, your focus will be on security, quality and compliance, but we expect the versatility of the common skill set of DevOps & Cloud Engineers as well.
You will be :
As a DevSecOps Security Engineer, you will be responsible for:
Security Leadership:
Provide technical leadership and mentorship to team members, fostering a security-first culture.Collaborate with security architects and teams to define and implement security strategies and best practices. Stay up-to-date with emerging security threats and trends, and recommend appropriate countermeasures.
Embedded Security Tool Expertise:
Be a hands-on expert in embedded security tools, such as SonarQube, Mend, Sysdig, IriusRisk, Defect Dojo, and Dependency Track. Configure, maintain, and optimize these tools to ensure effective security monitoring and analysis.
DevSecOps Integration:
Integrate security tools and processes into the DevSecOps pipeline, ensuring that security is considered throughout the development lifecycle. Collaborate with DevOps teams to automate security testing and remediation activities.
Security Training and Awareness:
Develop and deliver security training programs to educate team members and stakeholders about security best practices and threats.Promote a security-conscious culture within the organization.
Continuous Improvement:
Identify opportunities for improvement in security processes and tools.Drive continuous improvement initiatives to enhance the organization's security posture.
Documentation and Reporting:
Maintain comprehensive documentation of security policies, procedures, and standards. Prepare regular security reports and dashboards to inform stakeholders about the organization's security status.
Who you are :
Strong experience in DevSecOps methodologies and tools
Deep understanding of security principles, practices, and frameworks
Proficiency in security tools and technologies (e.g., vulnerability scanners, intrusion detection systems, encryption tools)
Experience with cloud platforms (e.g., AWS, Azure, GCP). Excellent communication and collaboration skills. Preferred certifications: CISSP, CISM, CEH
Collaboration : Demonstrate excellent communication skills Collaborate with external offshore vendors team to increase the value delivery. Collaborate with vendors like Mend, SonarQube, GitHub, or GitLab to renew or procure the permits/licenses, support etc. Collaborate with security teams.Driving alignment with Developer Platforms Product Line strategy
Understand and document the Developer Platforms Product Line leadership's vision and requirements. Build relationships with the appropriate customer Product Teams and stakeholders to understand their needs and requirements. Identify the gaps in toolset needs from the customer Product Team to what Developer Platforms Product Line offers. Define a vision for the Developer Platforms Product Line operating model and toolset service model.
Build a development, process, and strategy backlog (e.g., a formal backlog in JIRA) to achieve the Developer Platforms Product Line vision. Share and obtain approval for Service Model recommendations. Support delivery of the agreed-upon vision.
You will work in an agile, capacity-based model to continually prioritize project needs using traditional agile sprint reviews with Roche's Developer Platforms Product Line leadership, to review progress and align on upcoming priorities.
Who we are
At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we've become one of the world's leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.
Roche is an Equal Opportunity Employer.
