Senior Cybersecurity Analyst

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

Senior Cybersecurity Analyst

A healthier future. It’s what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love.  That’s what makes us Roche. 

The Opportunity

As a Senior Cybersecurity Analyst, you will be a critical and valued member of our Product Security team. You will work with vulnerability, security monitoring, incidents response, etc., for digital health and diagnostics to enable operational security for clouds and medical diagnostic products. You will leverage your cybersecurity experience to drive projects that will create unique and innovative security solutions for Roche for globally.

Responsibilities:

• Conduct vulnerability monitoring, vulnerability scanning and other security testing activities.

• Proactively identify flaws in Roche’s product security, assess patient safety and business risk, and advise product managers on remediation steps.

• Manage vulnerabilities at all technology layers, evaluating the criticality for an adequate prioritization and providing the most suitable remediation, working directly with the product teams as a trusted advisor.

• Analyze log files, alerts, binary data dumps, network packet captures and other artifacts/evidence to trace attack paths during incident response and provide forensic expertise to determine root cause of the breach.

• Gather Threat Intelligence to identify and prepare for cyber threats to Roche products and enhance security monitoring and breach detection.

• Drive security projects to develop and implement innovative security solutions.

Who You Are

• BS/MS degree in Business, Information Systems, Computer Science or a directly related discipline.

• A minimum of 5+ years of security or cybersecurity experience.

• Demonstrated experience in threat and vulnerability management, security testing, and incident response. 

• Demonstrated experience automating security controls (e.g. Shell scripting, Python, etc.).

• In-depth experience in managing information security and privacy risks and threat modeling.

• In-depth experience in system and cloud infrastructure hardening and monitoring.

• In-depth understanding of threat modeling, MITRE Attack, Kill Chain Analysis and other industry standard assessment methods

• In-depth specialist knowledge in one of the following or related fields:

  • Incident response and computer forensic analysis

  • Endpoint detection and response (EDR/XDR)

  • SIEM solutions administration and security monitoring

  • Network security and monitoring including Firewalls and IDS/IPS solutions

  • Threat Intelligence

• Understanding of applicable standards, laws and regulations, like ISO 27000 family, FDA Guidances, MDGC, HITRUST, GDPR, California Privacy Rights Act, and related. with experience in applying them in SOC environments

• Sound understanding of agile software development processes like Scrum or SAFe (Scaled Agile Framework) is highly preferred.

• Industry relevant certifications preferred: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others), CEH, CISSP, CISA, CISM, LA ISO27001.

Relocation benefits are not available for this job position.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche Pharma Canada has its office in Mississauga, Ontario and employs over 850 employees. The Mississauga facility is bright, vibrant, fosters collaboration and teamwork, and is reflective of Roche's truly innovative culture.

As of January 4, 2022, Roche requires all new employees who work in Canada to be fully vaccinated against COVID-19 on the date they take office. This requirement is a condition of employment at Roche that applies regardless of whether the position is on a Roche campus or remotely. If you have a valid reason for not being fully immunized, which is limited to certain specific medical reasons or other valid reasons protected by applicable human rights laws, you may request an exemption and / or adaptation measures regarding this vaccination requirement.

Roche is an Equal Opportunity Employer.