Security Engineer - Monitoring & Incident Response
Job Description
At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
Let’s build a healthier future, together.
By combining our unique strengths, we’re redefining healthcare through sustainable action and innovation. Discover what it’s like to work at Roche.
The Opportunity
The Global Security Monitoring and Incident Response (MIR) team at Roche strives to keep our networks and users safe from constantly evolving threats. As a Security Engineer on the Vulnerability and Exposure Management Team, you will help protect sensitive data and defend computer systems and web applications from existing and emerging threats. You will not just be managing scanner output. You will help manage and reduce existing risks, assess and evaluate the weaponization of emerging risks, and act as a core builder of our future capabilities.
Responsibilities
Triage, investigate, and respond to critical vulnerabilities affecting Roche
Evaluate and prioritize vulnerabilities found through our tools, including our bug-bounty program
Research emerging vulnerabilities and develop methods to confirm exploitability against our attack surface
Communicate risk and work with system owners and other stakeholders to mitigate security vulnerabilities
Assess company systems and web applications using both automated and manual tools
Maintain, improve, and engineer our scanning, detection, and automation solutions
Participating in security monitoring for a global environment
Who you are
Associate degree in relevant field or 5+ years in information security and fluent English.
Programming experience (Python, Node.js, JavaScript) and ability to write custom detection logic, scripts, and templates
Demonstrated ability to triage, analyze, and escalate vulnerabilities; experience validating vulnerabilities and basic exploit development in large global environments
Focus on web application, network, and computer security; cloud security experience; familiarity with attack surface management and AI-assisted development tools
Strong communication skills explaining complex risks to non-technical audiences; comfort balancing operational tasks with research; passion for security
Industry certifications in offensive security (OSCP, GWAPT, OSWE); open-source security project contributions
Relocation benefits are not available for this job posting.
Who we are
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.