Security Analyst (Vulnerability Management)

As a member of the Global Security Monitoring and Incident Response (MIR) team at Roche, you will play a crucial role in ensuring the safety of our networks and users from evolving threats. Your expertise in penetration testing will be instrumental in defining and prioritizing security activities to safeguard our proprietary information, patient data, and computer systems. Here is a summary of the key responsibilities and qualifications for the position: Responsibilities: - Define and prioritize penetration testing activities and requirements as the Product Owner within an agile framework. - Use your penetration testing knowledge to evaluate and prioritize security issues identified through testing and bug bounty programs. - Utilize enterprise vulnerability management tools in conjunction with penetration testing insights to identify high-risk systems. - Effectively communicate identified risks and collaborate with system owners and teams to develop and track vulnerability mitigation plans. - Enhance security vulnerability and incident response capabilities based on penetration testing outcomes. - Contribute to security monitoring efforts in a global environment. Minimum Qualifications: - Associates degree in a relevant field or 5+ years of experience in information security with a strong foundation in penetration testing principles and methodologies. - Understanding of web application, network, and computer security assessment concepts. - Experience working within agile methodologies and demonstrated aptitude for product ownership or similar strategic roles. Preferred Qualifications: - Experience in web application, network, and computer security assessments. - Knowledge of attack surface management and cloud security assessments. - Proficiency in programming languages such as Python, Node.js, and JavaScript. - Ability to analyze, triage, and escalate security vulnerabilities. - Familiarity with defensive and offensive security tool sets. - Relevant Offensive security certifications like OSCP and eCPPT. - Familiarity with mobile security is a plus. - Experience in a large, global, and complex environment. - Effective communication of information security risks to both technical and non-technical audiences. - Passion for computer and network security with awareness of current penetration testing trends. - Proficiency in English, knowledge of other languages is an advantage. At Roche, you will be part of a diverse and inclusive culture that values personal expression, open dialogue, and genuine connections. With a focus on innovation, over 100,000 employees worldwide are committed to advancing science and ensuring global access to healthcare. Join us in building a healthier future together. Roche is an equal opportunity employer.,