We believe it’s urgent to deliver medical solutions right now – even as we develop innovations for the future. We are passionate about transforming patients’ lives. We are courageous in both decision and action.
And we believe that good business means a better world.
That is why we come to work each day. We commit ourselves to scientific rigour, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow.
We are proud of who we are, what we do, and how we do it. We are many, working as one across functions, across companies, and across the world.
We are Roche.
Senior Security Engineer - Red Team
At Roche, we believe every employee makes a difference. We are passionate about transforming patients’ lives. We are fearless in both decision and action; we believe that good business means a better world.
Are you looking for a new, meaningful opportunity, to develop your skills as a Senior Security Engineer? Then this position as an Engineer, with a positive mindset might be the right one for you!
Roche launched its NAVIFY brand demonstrating its commitment to provide healthcare professionals with digital decision support solutions that transform patient care and therefore improve the life of patients. The existing portfolio will in the near future, evolve rapidly to include additional decision support applications and workflow products that address challenges faced by healthcare providers as well as research and development applications. Patient data security and privacy are of the highest priority for Roche.
In this context, Roche is constructing a very specialized team that builds and operates a cloud platform for its medical and clinical SaaS products. We develop this team to be responsible for tackling the cybersecurity, compliance, development and operations challenges of the healthcare industry while enabling high-velocity product development. The Red Team will be an integral part of this team and will continuously assess the vulnerabilities and compliance of critical platform components, collaborating directly with the Blue Team for an effective cyber defense strategy.
- Test the security posture of the platform and perform compliance assessments of cloud services and infrastructure
- Contribute to the development of penetration testing and incident response programs.
- Identify gaps in the hardening of applications and infrastructure and propose mitigation controls collaborating with the Blue Team.
- Develop in-depth threat models considering targeted attacks on services and infrastructure.
- Perform code and infrastructure design auditing for security flaws, as well as identify and handle security incidents and execute forensic tasks.
Who you are
You’re an engaged, positive person who wants to influence your own development. You’re urging for a challenge where you have the opportunity to pursue your interests across functions and geographies? Where your passion for technology and security will impact the lives of patients fighting cancer and many other disease areas in the future.
We search for a highly motivated self-starter and curiosity is what drives you. You embrace and value lean and agile principles to achieve positive outcomes. You are a great teammate with common sense and a good communicator that gets to the point quickly.
You have a university degree or equivalent in computer science, engineering or other related fields. Experience working in a multicultural environment and proven cultural awareness. Experience in the diagnostics and pharmaceutical industry or other highly regulated industries like finance or insurance seen as highly advantageous.
We are looking for someone with 10+ years experience and with strong communication skills.
Furthermore, you bring:
- Deep Experience with infiltrating testing and log centralization tools: SumoLogic or Splunk.
- Deep knowledge of IOCs (Indicators of Compromise) data correlation and meaningful alerting.
- Extensive experience in architecting, deploying and managing log centralization infrastructures.
- Experience handling security incident, threat intelligence and auditing code, features, and system designs.
- Knowledge of industry proven approached and standards: OWASP, NIST ISO27K, HITRUST, as well as healthcare regulations: HIPAA.
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status, veteran status, or disability status.
Are you interested in this position but have additional questions? Feel free to contact our Recruiting Team Switzerland +41 61 682 25 50
Roche is an equal opportunity employer.