Cloud Security Engineer

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

Key responsibilities:

• Collaborate with the team to enhance the security features and engineering capabilities of the Roche Cloud Platform, including automated deployment pipelines, secure controls, and abstraction layers to facilitate Cloud adoption.

• Utilize coding skills to implement automated security solutions and reduce manual operations.

• Participate in all stages of the software development lifecycle, from gathering requirements and discussing with the Product Owner/Customer to implementing and deploying security features using CI/CD.

• Serve as a security consultant and advocate for the Roche Cloud Platform.

• Contribute to software security architecture and provide insights for propositions, product designs, and service enhancements.

• Apply standard security frameworks for gap analysis and collaborate with the platform team and customers for resolution.

• Work with engineering teams to enhance security across the platform.

• Engage with the broader Security teams to continuously improve data protection within the platform.

• Assist the team in making decisions regarding technologies, development patterns, automation frameworks, and new approaches to enhance security adoption in the future.

• Let me know if there's anything else you need assistance with!

What you bring:

Required qualifications (Cloud, Security and Development):

• A minimum of one year of experience in security and cloud computing

• Practical experience with fundamental AWS cloud services such as networking, storage, database, and computing.

• Understanding of AWS security architecture design and the capability to develop reference implementations.

• Demonstrated hands-on experience in creating and implementing security features at a large scale in multi-tenant platforms using AWS native security services like GuardDuty, Security Hub, etc.

• Understanding of the software development lifecycle, including CI/CD for deploying security mechanisms.

• Proficiency in Git, Terraform, and Python, and familiarity with Jenkins and Rundeck.

• Excellent collaboration skills and the ability to collaborate with engineering teams to improve security practices.

• Problem-solving and decision-making skills.

• Experience with agile methodologies.

Nice to have:

• Familiarity with other clouds like GCP, Azure or Alicloud. 

• Experience in data analysis and using insights to drive decision-making.

• Experience in reviewing code for quality and security compliance.

• Experience in performing penetration testing activities.

• Experience developing infrastructure as code that is fully tested: unit/functional/smoke tests using inspec/pytest or similar tooling.

Mindset:

• Engineering skill set that is focused on security first philosophy.

• Passionate about Cloud Security and development.

• Inquisitive personality that’s curious and has a keen interest in learning and improving.

• Highly motivated and proactive individual that looks for identifying ways of improvement and proposing new ideas.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.