Security Analyst (Vulnerability Management)
Pune DIA, India
Roche
As a pioneer in healthcare, we have been committed to improving lives since the company was founded in 1896 in Basel, Switzerland. Today, Roche creates innovative medicines and diagnostic tests that help millions of patients globally. At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
The Global Security Monitoring and Incident Response (MIR) team at Roche strives to keep our networks and users safe from constantly evolving threats. You drive the strategic direction and execution of penetration testing initiatives. Leveraging your deep understanding of security assessments and the vulnerability management landscape, you will define and prioritize penetration testing activities as a Product Owner. Your expertise will ensure the ongoing safety of our networks, users, proprietary information, patient data, and computer systems and web applications against evolving threats.
Responsibilities:
Define and prioritize penetration testing activities and requirements, acting as the Product Owner within an agile framework.
Leverage your penetration testing expertise to inform the evaluation and prioritization of security issues identified through testing and bug bounty programs.
Utilize enterprise vulnerability management tools in conjunction with penetration testing insights to pinpoint high-risk systems.
Communicate identified risks effectively and collaborate with system owners and other teams to develop and track vulnerability mitigation plans.
Enhance security vulnerability and incident response capabilities, informed by penetration testing outcomes.
Contribute to security monitoring efforts within a global environment.
Minimum Qualifications:
Associate’s degree in a relevant field or 5+ years of experience in information security with a strong foundation in penetration testing principles and methodologies.
Proven understanding of web application, network, and computer security assessment concepts.
Experience working within agile methodologies, with a demonstrated aptitude for product ownership or similar strategic roles.
Preferred Qualifications:
Web application, network, and computer security assessments
Attack surface management experience
Cloud security assessment experience
Programming experience (e.g. Python, Node.js, JavaScript)
Demonstrated ability to analyze, triage, and escalate security vulnerabilities
Familiarity with various defensive and offensive security tool sets
Relevant offensive security certifications such as OSCP and eCPPT.
Familiarity with mobile security is a plus
Experience working in a large, global, and complex environment
Ability to communicate information security related risks, concepts, and situations to a technical and non-technical audience
A passion for the field of computer and network security, with awareness of current penetration testing trends.
Fluent English; other languages are a plus
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.
Tags: Agile Cloud Incident response JavaScript Mobile security Monitoring Network security Node.js Offensive security OSCP Pentesting Python Security assessment Vulnerabilities Vulnerability management