We believe it’s urgent to deliver medical solutions right now – even as we develop innovations for the future. We are passionate about transforming patients’ lives. We are courageous in both decision and action.
And we believe that good business means a better world.
That is why we come to work each day. We commit ourselves to scientific rigour, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow.
We are proud of who we are, what we do, and how we do it. We are many, working as one across functions, across companies, and across the world.
We are Roche.
Senior Security Engineer - Blue Team
At Roche, we believe every employee makes a difference. We are passionate about transforming patients’ lives. We are fearless in both decision and action; we believe that good business means a better world.
Are you looking for a new, meaningful opportunity, to develop your skills as a Senior Security Engineer? Then this position as an engaged Engineer, with a positive mindset might be the right one for you!
Roche launched its NAVIFY brand, demonstrating its commitment to provide healthcare professionals with digital decision support solutions and transform patient care. The existing portfolio will in the near future, evolve rapidly to include additional decision support applications and workflow products that address challenges faced by healthcare providers as well as research and development applications. Patient data security and privacy are of the highest priority for Roche.
In this context, Roche is building a very specialized team that builds and operates a cloud platform for its medical and clinical SaaS products. This team will be responsible for tackling the cybersecurity, compliance, development and operations challenges of the healthcare industry while enabling high-velocity product development. The Senior Security Engineer - Blue Team will be an integral part of this team, building the most advanced cyber defenses for the platform and continuously improving them according to the Red Team’s assessments and the latest threats while in operation.
- Evaluate and propose innovative security tools and strategies to keep a cutting edge cyber defense strategy
- Orchestrate application and infrastructure defense mechanisms to increase prevention, detectability and containment capabilities
- Incorporate defense and hardening mechanisms by design balancing performance and usability
- Deploy mechanisms responding to incidents and adapting to emerging threats
- Develop an effective vulnerability management strategy in collaboration with the Red Team to prioritize patching and mitigation controls.
Who you are
You’re someone who wants to influence your own development. You’re looking for a challenge where you have the opportunity to pursue your interests across functions and geographies. Where your passion for technology and security will impact the lives of patients fighting cancer and many other disease areas in the future.
You are a highly motivated self-starter and curiosity is what drives you. You embrace and value lean and agile principles to achieve positive outcomes. We are seeking for a great teammate with common sense and a good communicator that gets to the point quickly.
You have a university degree or equivalent in computer science, engineering or other related fields. Experience working in a multicultural environment and proven cultural awareness is a plus. We search for someone with a background in the diagnostics and pharmaceutical industry or other highly regulated industries like finance or insurance.
We are looking for someone with 10+ years experience and with strong communication skills. Technically, you have an understanding of perimeter protection tools: AWS native components/tools, NIDS, Web Application and Network Firewalls. You are proficient in using cloud provisioning tools CloudFormation and Terraform.
Your deep knowledge of host protection includes file integrity, next-generation antivirus, host intrusion detection and white-listing, as well as host vulnerability management.
Additional, you have expertise in hardening and OS image generation automation. Configuration management tools like Ansible, Salt, Chef and Puppet are your common use. You know how to work with host forensic.
You know desirable various developing languages, like Shell scripting, Python, and Ruby.
Furthermore, you bring:
- Deep understanding of application security architecture, lifecycle and knowledge of OWASP standard.
- Experience with threat modeling and risk management, as well as deploying active defense mechanisms.
- Knowledge of code vulnerability management and translating compliance, privacy and security requirements into product features.
- A deep knowledge of networking and cloud security and an ability to use operating systems: required Linux, desirable Windows, and OSX.
- Extensive experience with AWS services and network communication protocols.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Are you interested in this position but have additional questions? Feel free to contact our Recruiting Team Switzerland +41 61 682 25 50
Roche is an equal opportunity employer.