Cybersecurity Analyst (Penetration Tester)

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

A healthier future. It’s what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come. Creating a world where we all have more time with the people we love.

That’s what makes us Roche.

As a skilled and experienced Cybersecurity Analyst with strong expertise and experience in penetration testing, you will be responsible for conducting comprehensive internal security assessments, identifying vulnerabilities, and recommending remediation measures to protect our organization’s digital assets.

Your Opportunity:

• Perform penetration testing on web applications, networks, and systems to identify security vulnerabilities and weaknesses using both manual and automated tools
• Conduct in-depth analysis of security findings, prioritize risks, and provide detailed recommendations for remediation.
• Develop and execute penetration testing plans, methodologies, and tools in accordance with industry best practices and standards.
• Collaborate with cross-functional teams to implement security controls, mitigate risks, and enhance the overall security posture.
• Document and report security assessment findings, including vulnerabilities, exploitation techniques, and recommended countermeasures.
• Stay abreast of emerging threats, vulnerabilities, and security trends to proactively identify and address potential risks.
• Provide technical expertise and guidance to support incident response activities and security awareness training programs.
• Participating in security monitoring for existing and emerging vulnerabilities in a global environment.

Who you are:

• Possess a Bachelor’s degree in Computer Science, Information Technology, or related field; or at least four years of equivalent work experience.
• Have a certificate in Certified Information Systems Security Professional (CISSP), Offensive Security Certified Professional (OSCP), or other relevant certifications preferred.
• Have proven experience in performing penetration testing and vulnerability assessments across a variety of platforms, operating systems,web application frameworks, networks, and cloud environments. Mobile app experience is a plus. Proficient in using penetration testing tools such as Metasploit, Burp Suite, Nmap, and Kali Linux.
• Have a strong understanding of common security vulnerabilities and attack vectors, as well as mitigation strategies and best practices.
• Proficient with scripting or programming languages such as Python, Powershell/C#, Bash, and Java. Familiarity with assembly is a plus.
• Knowledge of and demonstrated ability to work within security frameworks and methodologies such as ATT&CK, OWASP, and NIST.
• Effective writing and communication skills, with the ability to clearly articulate technical findings and recommendations to both technical and non-technical stakeholders.

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.