Job Description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Let’s build a healthier future, together.
By combining our unique strengths, we’re redefining healthcare through sustainable action and innovation. Discover what it’s like to work at Roche.

The Opportunity

The Global Security Monitoring and Incident Response (MIR) team at Roche strives to keep our networks and users safe from constantly evolving threats. As a Security Engineer on the Vulnerability and Exposure Management Team, you will help protect sensitive data and defend computer systems and web applications from existing and emerging threats. You will not just be managing scanner output. You will help manage and reduce existing risks, assess and evaluate the weaponization of emerging risks, and act as a core builder of our future capabilities.

Responsibilities

• Triage, investigate, and respond to critical vulnerabilities affecting Roche

• Evaluate and prioritize vulnerabilities found through our tools, including our bug-bounty program

• Research emerging vulnerabilities and develop methods to confirm exploitability against our attack surface

• Communicate risk and work with system owners and other stakeholders to mitigate security vulnerabilities

• Assess company systems and web applications using both automated and manual tools

• Maintain, improve, and engineer our scanning, detection, and automation solutions

• Participating in security monitoring for a global environment

Who you are

• Associate degree in relevant field or 5+ years in information security and fluent English.

• Programming experience (Python, Node.js, JavaScript) and ability to write custom detection logic, scripts, and templates

• Demonstrated ability to triage, analyze, and escalate vulnerabilities; experience validating vulnerabilities and basic exploit development in large global environments

• Focus on web application, network, and computer security; cloud security experience; familiarity with attack surface management and AI-assisted development tools

• Strong communication skills explaining complex risks to non-technical audiences; comfort balancing operational tasks with research; passion for security

• Industry certifications in offensive security (OSCP, GWAPT, OSWE); open-source security project contributions

Relocation benefits are not available for this job posting.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.