Cybersecurity Analyst

Job Description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Roche's expanding digital product portfolio demonstrates its commitment to provide healthcare professionals, laboratories, and patients with digital and digitally-enabled solutions that transform patient care. The existing product portfolio includes decision support systems, data management solutions, and workflow solutions. At the center of these diverse types of solutions is always patient data security and privacy as the highest priority for Roche.

In this context, Roche has built a global team that builds, secures, and operates infrastructure platforms (cloud and on-prem) for its digital products. This team is working with a high freedom to operate in a self-organized setup and is responsible for tackling the cybersecurity, compliance, and infrastructure challenges of the healthcare industry while enabling high-velocity product development.

In the position of Senior DevSecOps Engineer you will join the Digital Products and Enablement domain, CoDE Cybersecurity product

As a Security Engineer with good experience in monitoring and improving DevSecOps tools and processes, you will automate routine tasks and improve system reliability.

You will also play a critical role in providing technical support for day-to-day security operations, security tool integration, automation support, change management and business continuity programs.

As the Senior DevSecOps Engineer, you will:

- Evaluate, select, design and configure security infrastructure systems in a global environment.

- Identify, integrate, monitor and improve infosec controls by understanding business processes.

- Assist with complex projects and automation of day to day security operations to improve SLA

- Automate Incident response process using open source or industry standard tools and frameworks

- Roll-out of new cross-cutting technologies - container clusters and service mesh, secrets management, monitoring and logging solutions.

- Spend time with security ensuring that their needs are built into automated guardrails for developer resources

- Own and ensure that internal and external SLA's meet and exceed expectations, Security Engineering centric KPIs are continuously monitored and improved.

- Participate in on-call rotation to provide infrastructure support, incident management, and troubleshooting.

Ideally this position will be located in Pune (India).

You're looking for a challenge where you have the opportunity to pursue your interests across functions and geographies. Where your passion for technology, delivery, reliability, and operational excellence will impact the lives of patients fighting cancer and many other disease areas in the future.

You have a University degree in computer science, engineering, or other related fields, or equivalent experience. You bring experience working in a multicultural environment and proven cultural awareness.

You have moderate experience with automation in CI/CD tools, methods and processes, including development of multi-environment pipelines (e.g., Gitlab, Github, AWS CodePipeline), Feature toggles, and Containerization/Orchestration, including Docker & Kubernetes.

And you have a strong understanding of key security concepts like WAF, Application security, network security and Identity access management.

Job-related Experience

- 3+ years related technical experience in Platform Security Architecture or Engineering

- 5+ years of related work experience in cloud platforms: AWS (preferred)/Azure/GCP

- 3+ years experience in industry standard tools & Frameworks like, Splunk, Tenable, Mitre Att&ck etc

- Design, implement, support and evaluate security-focused tools, vulnerability management tools and services (cloud security services) and cloud agnostic ones

- Conduct periodic Vulnerability assessment. Participate in incident handling and other related duties to support the information security function.

- Demonstrated experience in one or more programming languages (preferably Java or Python)

- Experience with SOAR platform to automate security operations

Furthermore, you bring:

- Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology

- Demonstrated ability to adapt to new technologies and learn quickly

- Effective at engaging with teams in various functions and across different levels

- Strong organizational skills and ability to prioritize and manage multiple projects simultaneously

- You have experience with automation for infrastructure deploy/manage - terraform, cloudformation, resource manager or similar

- Industry recognized certifications provided by GIAC, ISACA, ISC2

- Cloud Security Certifications like AWS Certified Security Specialty are preferred.

- Healthcare software experience preferred

- Experience with clinical workflow solutions or in a clinical environment is a plus.

Roche embraces diversity and equal opportunity in a serious way. We are committed to building a team that represents a variety of backgrounds, perspectives, and skills. The more inclusive we are, the better our work will be.

Who we are

A healthier future drives us to innovate. Together, more than 100'000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let's build a healthier future, together.

Roche is an Equal Opportunity Employer.