Cybersecurity Analyst (Vulnerability Management)

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

Cybersecurity Analyst (Vulnerability Management)

A healthier future. It’s what drives us to innovate. To continuously advance science and ensure everyone has access to the healthcare they need today and for generations to come.Creating a world where we all have more time with the people we love.

That’s what makes us Roche.

The Cybersecurity - Vulnerability Management Team is part of Roche Global Information Security. Our mission is to safeguard Roche systems and information by prioritizing the resolution of identified IT security risks. We assess the urgency of deploying security updates for infrastructure components through risk ratings and maintain constant vigilance over Roche IT assets for known vulnerabilities.

Our team is dedicated to developing and implementing robust security controls, defenses, and countermeasures to prevent both internal and external attacks on company email, data, e-commerce, and web-based systems. As part of our commitment to staying ahead, our Vulnerability Management Team actively monitors specialized sources for emerging vulnerabilities or weaknesses that could potentially impact Roche.

We are seeking a skilled and experienced Cybersecurity Analyst with expertise in vulnerability management and web application security assessments to join our cybersecurity team. In this role, you will be responsible for keeping our networks and users safe from constantly evolving threats. As a Vulnerability Management Security Analyst, you will help protect proprietary information, patient data, keep computer systems and web applications secure, and provide a safe information environment for our users.

The Opportunity

• You are assessing company web applications using automated and manual tools.

• You are evaluating and prioritizing security issues submitted via a bug-bounty program.

• You are using enterprise vulnerability management tools to identify high-risk systems.

• You are communicating risk and collaborating with system owners and other teams to address security vulnerabilities.

• You are enhancing response capabilities for security vulnerabilities and incidents through tool building, scripting, and training.

• You are actively involved in security monitoring for a global environment.

Who you are

• You hold a Bachelor's degree (Information Technology and Information Security preferred).

• You have 3+ years of experience in the information security field.

• You demonstrate expertise in web application, network, and computer security, utilizing Vulnerability Scanning tools and utilizing/writing Splunk SPL.

• You have experience in attack surface management and a proven ability to analyze, triage, and escalate security vulnerabilities.

• You possess familiarity with various defensive and offensive security tool sets.

Preferred

• You have experience with cloud platforms and understanding security and controls.

• You hold certifications such as OSCP or similar.

• You have programming experience in scripting languages such as Python or PowerShell, and familiarity with JavaScript and mobile security.

• You have the ability to effectively communicate information security-related risks, concepts, and situations to a non-technical audience.

• You have experience working in a large, global, and complex environment.

Relocation benefits are not available for this posting

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche Pharma Canada has its office in Mississauga, Ontario and employs over 850 employees. The Mississauga facility is bright, vibrant, fosters collaboration and teamwork, and is reflective of Roche's truly innovative culture.

As of January 4, 2022, Roche requires all new employees who work in Canada to be fully vaccinated against COVID-19 on the date they take office. This requirement is a condition of employment at Roche that applies regardless of whether the position is on a Roche campus or remotely. If you have a valid reason for not being fully immunized, which is limited to certain specific medical reasons or other valid reasons protected by applicable human rights laws, you may request an exemption and / or adaptation measures regarding this vaccination requirement.

Roche is an Equal Opportunity Employer.