Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.
We are seeking a highly skilled DevSecOps Security Engineer to join our team and play a pivotal role in ensuring the security of our applications and infrastructure.
As a DevSecOps Security Engineer, you will be responsible for:
Security Leadership:
Provide technical leadership and mentorship to team members, fostering a security-first culture.
Collaborate with security architects and teams to define and implement security strategies and best practices.
Stay up-to-date with emerging security threats and trends, and recommend appropriate countermeasures.
Embedded Security Tool Expertise:
Be a hands-on expert in embedded security tools, such as SonarQube, Mend, Sysdig, IriusRisk, Defect Dojo, and Dependency Track.
Configure, maintain, and optimize these tools to ensure effective security monitoring and analysis.
DevSecOps Integration:
Integrate security tools and processes into the DevSecOps pipeline, ensuring that security is considered throughout the development lifecycle.
Collaborate with DevOps teams to automate security testing and remediation activities.
Security Training and Awareness:
Develop and deliver security training programs to educate team members and stakeholders about security best practices and threats.
Promote a security-conscious culture within the organization.
Continuous Improvement:
Identify opportunities for improvement in security processes and tools.
Drive continuous improvement initiatives to enhance the organization's security posture.
Documentation and Reporting:
Maintain comprehensive documentation of security policies, procedures, and standards.
Prepare regular security reports and dashboards to inform stakeholders about the organization's security status.
Qualifications
Strong experience in DevSecOps methodologies and tools
Deep understanding of security principles, practices, and frameworks
Proficiency in security tools and technologies (e.g., vulnerability scanners, intrusion detection systems, encryption tools)
Experience with cloud platforms (e.g., AWS, Azure, GCP)
Excellent communication and collaboration skills
Preferred certifications: CISSP, CISM, CEH
Collaboration
Demonstrate excellent communication skills.
Collaborate with external offshore vendors team to increase the value delivery.
Collaborate with vendors like Mend, SonarQube, GitHub, or GitLab to renew or procure the permits/licenses, support etc.
Collaborate with security teams.
Driving alignment with Developer Platforms Product Line strategy
Understand and document the Developer Platforms Product Line leadership’s vision and requirements.
Build relationships with the appropriate customer Product Teams and stakeholders to understand their needs and requirements.
Identify the gaps in toolset needs from the customer Product Team to what Developer Platforms Product Line offers.
Define a vision for the Developer Platforms Product Line operating model and toolset service model.
Build a development, process, and strategy backlog (e.g., a formal backlog in JIRA) to achieve the Developer Platforms Product Line vision.
Share and obtain approval for Service Model recommendations.
Support delivery of the agreed-upon vision.
You will work in an agile, capacity-based model to continually prioritize project needs using traditional agile sprint reviews with Roche’s Developer Platforms Product Line leadership, to review progress and align on upcoming priorities.
At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.
Roche is an Equal Opportunity Employer.