DevSecOps Security Engineer - Embedded Security and Compliance

Pune DIA

Roche

As a pioneer in healthcare, we have been committed to improving lives since the company was founded in 1896 in Basel, Switzerland. Today, Roche creates innovative medicines and diagnostic tests that help millions of patients globally.


Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

We are seeking a highly skilled DevSecOps Security Engineer to join our team and play a pivotal role in ensuring the security of our applications and infrastructure. You will join the Product Development, Integration and Engineering Chapter, a global team of technical profiles, including Cloud DevOps Engineers, located around the world and involved in various projects for all Roche divisions. The variety of technical profiles in the Chapter allows you to grow and get support from virtually any technical angle. As a chapter member, you are assigned to a durable product team, part of a product line that focuses on supporting the business.
 

The Developer Platforms Product Line has been established to support the software development lifecycle across Roche with an experienced team and a tools library that allow Roche Product Teams to leverage industry best practices and Roche’s enterprise platforms for their DevSecOps needs.


For this position, which is designed to be assigned to the Embedded Security and Compliance Product, your focus will be on security, quality and compliance, but we also expect the versatility of the common skill set of DevOps & Cloud Engineers.
 

You will be:


As a DevSecOps Security Engineer, you will be responsible for:

Security Leadership:

  • Provide technical leadership and mentorship to team members, fostering a security-first culture. Collaborate with security architects and teams to define and implement security strategies and best practices. Stay up-to-date with emerging security threats and trends, and recommend appropriate countermeasures.

Embedded Security Tool Expertise:

  • Be a hands-on expert in embedded security tools, such as SonarQube, Mend, Sysdig, IriusRisk, DefectDojo, and Dependency-Track. Configure, maintain, and optimize these tools to ensure effective security monitoring and analysis.
     

DevSecOps Integration:

  • Integrate security tools and processes into the DevSecOps pipeline, ensuring that security is considered throughout the development lifecycle. Collaborate with DevOps teams to automate security testing and remediation activities.
     

Security Training and Awareness:

  • Develop and deliver security training programs to educate team members and stakeholders about security best practices and threats. Promote a security-conscious culture within the organization.
     

Continuous Improvement:

  • Identify opportunities for improvement in security processes and tools. Drive continuous improvement initiatives to enhance the organization's security posture.
     

Documentation and Reporting:

  • Maintain comprehensive documentation of security policies, procedures, and standards. Prepare regular security reports and dashboards to inform stakeholders about the organization's security status.

Who you are:

  • Strong experience in DevSecOps methodologies and tools

  • Deep understanding of security principles, practices, and frameworks

  • Proficiency in security tools and technologies (e.g., vulnerability scanners, intrusion detection systems, encryption tools)

  • Experience with cloud platforms (e.g., AWS, Azure, GCP)

  • Excellent communication and collaboration skills

  • Preferred certifications: CISSP, CISM, CEH

Collaboration:

  • Demonstrate excellent communication skills. Collaborate with external offshore vendor teams to increase value delivery. Collaborate with vendors like Mend, SonarQube, GitHub, or GitLab to renew or procure permits/licenses, support, etc. Collaborate with security teams.

Driving alignment with Developer Platforms Product Line strategy:

  • Understand and document the Developer Platforms Product Line leadership’s vision and requirements. Build relationships with the appropriate customer Product Teams and stakeholders to understand their needs and requirements. Identify the gaps in toolset needs from the customer Product Team to what Developer Platforms Product Line offers. Define a vision for the Developer Platforms Product Line operating model and toolset service model.

  • Build a development, process, and strategy backlog (e.g., a formal backlog in JIRA) to achieve the Developer Platforms Product Line vision. Share and obtain approval for Service Model recommendations. Support delivery of the agreed-upon vision.

 

You will work in an agile, capacity-based model to continually prioritize project needs using traditional agile sprint reviews with Roche’s Developer Platforms Product Line leadership, to review progress and align on upcoming priorities.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.
