Senior Expert - Vulnerability Management & Defensive Analytics

Would you like to combine the opportunities provided by a global company with the benefits of a family-owned business? Headquartered in Lachen near Zurich, Switzerland, the Octapharma Group is a leading company in the worldwide market for therapeutic human proteins. Working at Octapharma means having an opportunity to contribute to our common goal – developing lifesaving therapies to improve patients’ lives.

We are seeking a highly skilled and motivated Senior Expert in Vulnerability Management & Defensive Analytics to join our growing Cyber security team. This individual will take ownership of our enterprise vulnerability management program and lead efforts in the development of advanced threat detection and defensive analytics capabilities.
You will play a critical role in proactively identifying and mitigating security risks, ensuring the resilience of our global IT systems, and driving cyber maturity across the business.

What's the best thing about working with us?

• You help save lives - Every day is meaningful as we produce life-saving medicines
• Family values - Long-term perspective for employees and relationships
• Be rewarded with market-related salary and benefits package
• You will have a high level of influence where you can make a difference and leave your footprint
• Work with skilled and fun colleagues in a relatively informal organization
• Skills development - We offer various internal and external employee and leadership trainings, trainee programs and digital solutions

What will you be doing as Senior Expert – Vulnerability Management & Defensive Analytics? 

• Lead the Vulnerability Management Program: Drive vulnerability discovery, analysis, prioritization, remediation tracking, and reporting across Octapharma’s infrastructure and applications.
• Defensive Analytics & Threat Detection: Develop and tune detection use cases, threat models, and behavior-based analytics using SIEM, EDR, and other telemetry sources.
• Security Posture Improvement: Collaborate with infrastructure, development, and business teams to guide remediation, hardening and risk-reduction efforts.
• Threat & Risk Prioritization: Analyze vulnerability data in the context of threat intelligence, exploitability, asset criticality, and business risk.
• Automation & Efficiency: Integrate vulnerability data sources and analytics platforms with security automation and orchestration tools.
• Leadership & Mentorship: Provide guidance to junior analysts and act as a subject matter expert in defensive cyber operations.
• Metrics & Reporting: Define KPIs and produce executive-level dashboards to demonstrate program effectiveness and drive accountability

Who are you?

• University Degree in Information Security, IT or equivalent
• Desirable: Relevant security certifications such as from ISC2, ISACA, CREST CCTIM or CCIM, SANS and Vendor Certifications.
• 8+ years of professional work experience in IT with relevant roles such as systems developer, network engineering and operations, or security engineering.
• 3+ years of experience in vulnerability management, preferably in organizations which have manufacturing business operations.
• Strong knowledge of vulnerability scanning tools (e.g., Tenable, Qualys, Nexpose) and enterprise remediation workflows.
• Familiarity with MITRE ATT&CK framework, CVSS scoring, and threat modeling.
• Hands-on experience in scripting or automation (e.g., Python, PowerShell) to streamline detection and analysis tasks.
• Strong understanding of Windows, Linux, and network infrastructure vulnerabilities.
• Support Multiple environments: Apply vulnerability management and threat analysis skills across diverse and interconnected environments, including corporate IT, Cloud, and Operational Technology (OT), to ensure comprehensive risk visibility.
• Framework-Guided Hardening: Experience in using industry security benchmarks (such as CIS or NIST) as a reference to help measure security posture and contribute to the development of hardening standards that align with business risks.
• Excellent analytical and communication skills, with the ability to present technical findings to diverse audiences.
• Experience in highly regulated industries (e.g., pharmaceutical, healthcare).
• Exposure to cloud security (AWS, Azure), and container security practices.

The IT Department

You will report directly to the Group Director Information Security.
The Security team is responsible for the design and implementation of Octapharma’s group security strategy and program. As a privately owned company, we benefit from a stable organizational structure and a long-term strategic vision. This allows us to implement a security program that is genuinely focused on generating business value while protecting Octapharma.
Within our team, you’ll have the opportunity to engage in hands-on work, collaborate closely with internal IT teams and external partners, and develop strong business acumen through cross-functional initiatives.

"There isn't a more key role in Cyber that can orchestrate, conduct and derive a positive security effect from our various System Owners across the globe. In this role, the successful candidate can look forward to coaching the best Cyber performance out of teams."
- Richard Kearney, Group Director Information Security

Apply Today!

Please apply in English. If you have questions about the position, contact Ms. Claudia Vignau, Senior Expert Talent & Acquisition; +41 55 451 21 35.

If you proceed in the process

• We will endeavor to review your profile as quickly as possible and provide you with feedback
• The next step is to conduct a phone interview, which takes about 30 minutes.

Would you like to get to know us better? Learn more about us on our  website and follow us daily on LinkedIn!