• Job Description

  Req#: 202408-120292

  Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

  The Position

  Always innovating, we bring together dedicated people and diverse perspectives from across our global network, empowering each other to keep breaking new ground.

  Roche’s expanding digital product portfolio demonstrates its commitment to provide healthcare professionals, laboratories, and patients with digital and digitally-enabled solutions that transform patient care. The existing product portfolio includes decision support systems, data management solutions, and workflow solutions. At the center of these diverse types of solutions is always patient data security and privacy as the highest priority for Roche.

  In this context, Roche has built a global team that builds, secures, and operates infrastructure platforms (cloud and on-prem) for its digital products. This team is working with a high freedom to operate in a self-organized setup and is responsible for tackling the cybersecurity, compliance, and infrastructure challenges of the healthcare industry while enabling high-velocity product development.

  In the position of a senior security engineer you will join the security team in the CODE (Centre of Digital Enablement) product line in Informatics supporting the Digital Products and Enablement domain.

  As the senior you create and analyze security policies and procedures to determine weakness in infrastructure security and complete a thorough audit of existing measures.

  The Opportunity:

  You conduct technical analysis and triage based on triggered alerts to determine the severity, impact, scope and corresponding response actions. You anticipate data breaches by ethically hacking into the company's secure systems while determining future flaws and their prevention.

  • Utilize security tools to improve company's security posture and roactively search for Threats to prevent or minimize Cybersecurity attacks.

  • Monitor network traffic as an intrusion prevention specialist to detect possible threats and respond to threats immediately as they occur

  • Understand reverse engineering to have a thorough knowledge of malware analyzation and bug patching on various software platforms

  • Minimize negative impact of security breach by shifting security measures for future prevention and creating information assurance and firewalls

  • Analyze logs from SIEM and create meaningful alerts and dashboards

  • Have an understanding of inner Kubernetes workings (networking and storage stack, pod scheduling, kubernetes attack vectors)

  • In-depth understanding of the Linux operating system and how it interacts with container runtimes

  • Participate in on-call rotation to provide infrastructure support, incident management, and troubleshooting.

  Who you are

  You have experience with implementing MITRE ATT&CK framework using SOAR tools required. You have a strong shift left and security first mindset and you demonstrated knowledge of cloud security on leading cloud providers.

  • Minimum 8 years of related experience with an minimum Bachelors degree in computer science or related field. CISSP, GCIH, CISA, CISM, or other industry certifications preferred.

  • Strong Knowledge of host level forensic

  • Ensuring that the needs of security are built into automated guardrails for developer resources

  • Experience creating meaningful alerts to detect security incidents.

  • Basic Understanding of perimeter protection tools: AWS native components/tools, NIDS, Web Application and Network Firewalls.

  • Knowledge of shell scripting, Python (desirable)

  • Have an understanding of inner Kubernetes workings (networking and storage stack, pod scheduling, kubernetes attack vectors)

  • Basic knowledge of operating systems: required Linux and docker fundamentals

  • Knowledge of OWASP standard.

  • Understanding of host protection concepts like file integrity, next-generation antivirus, host intrusion detection, whitelisting.

  Relocation benefits are not available for this job posting.

  Who we are

  At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

  Roche Pharma Canada has its office in Mississauga, Ontario and employs over 850 employees. The Mississauga facility is bright, vibrant, fosters collaboration and teamwork, and is reflective of Roche's truly innovative culture.

  As of January 4, 2022, Roche requires all new employees who work in Canada to be fully vaccinated against COVID-19 on the date they take office. This requirement is a condition of employment at Roche that applies regardless of whether the position is on a Roche campus or remotely. If you have a valid reason for not being fully immunized, which is limited to certain specific medical reasons or other valid reasons protected by applicable human rights laws, you may request an exemption and / or adaptation measures regarding this vaccination requirement.

  Roche is an Equal Opportunity Employer.

• About the company

  606018 F. Hoffmann-La Roche AG is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics.

Notice