Bei Roche kannst du ganz du selbst sein und wirst für deine einzigartigen Qualitäten geschätzt. Unsere Kultur fördert persönlichen Ausdruck, offenen Dialog und echte Verbindungen. Hier wirst du für das, was du bist, wertgeschätzt, akzeptiert und respektiert. Dies schafft ein Umfeld, in dem du sowohl persönlich als auch beruflich wachsen kannst. Gemeinsam wollen wir Krankheiten vorbeugen, stoppen und heilen und sicherstellen, dass jeder Zugang zur Gesundheitsversorgung hat – heute und in Zukunft. Werde Teil von Roche, wo jede Stimme zählt.
Die Position
The Senior Security Engineer plays a vital role in protecting Roche Manufacturing systems and networks against cybersecurity threats. This role is responsible for local architecture and engineering support, helping system owners and administrators in keeping their manufacturing environment up to date with the latest Roche Manufacturing Cybersecurity standards, baselines and industry best practices. Some of this role’s responsibilities are:
- Taking part in technical design reviews, integration, testing, and documentation activities concerning new OT systems and/or changes to existing manufacturing system or infrastructure
- Supporting development of Manufacturing Cybersecurity standards and baselines OT Cybersecurity Advisor during OT System planning phase and OT System Risk Assessment process
- Advising System Owners in selecting appropriate security measures to mitigate risk
- Coordinating of OT services and activities delivered by Vendors
- Reviewing local technical designs as part of Manufacturing Cybersecurity Requests (in ServiceNow)
- Designing and sustaining OT Security Monitoring (IIDS) at the Manufacturing Site
- Providing technical support during Incident Response process including steps to minimize the impact, conducting a technical and forensic investigation into how the breach happened and the extent of the damage
- Working closely with System Owners, Cybersecurity Site Representative and is a catalyst for cross-site collaboration on topics related to Manufacturing Cybersecurity
The Senior Security Engineer is a member of the Manufacturing Cybersecurity Engineering team led by the Head of Manufacturing Cybersecurity Engineering and part of the Security Platforms subfunction in the Information Security function at Roche.
Job Responsibilities
- Independently manages end-to-end security analysis tasks across various capabilities and contributes to more complex problems
- Mentors more junior team members and contributes to the development of security best practices
- Stakeholder Management
- Identifies a diverse range of security stakeholders across functional areas and effectively manages relationships to build reliance through deep business and technical understanding, acting as a trusted advisor
- Acts as a strategic influencer, defining and driving stakeholder engagement strategies for complex initiatives, facilitating workshops, resolving conflicts, and proactively shaping stakeholder perspectives to align with project goals
- Impact/Strategy
- Demonstrates strong and consistent performance across diverse products, with an impact that typically extends to a specific product, initiative, or cluster
- Translates requirements into strategic implementation plans that align with overall business objectives, and takes a proactive role in shaping team processes Complexity
- Manages business analysis activities on more complex projects or across multiple products within a domain
- Capable of handling ambiguous requirements, navigating intricate stakeholder environments, and evaluating solution impacts considering both immediate and longer-term implications within the domain
- Business/Technical ability
- Demonstrates a strong understanding of the business domain, related technologies, and their interdependencies
- Can independently apply tools, principles, concepts, and techniques related to requirements, data, usability, and process analysis, effectively managing interconnections to improve overall efficiency and effectiveness
Qualifications
Education / Experience
- Experience independently managing end-to-end security analysis tasks and leading the analysis of moderately complex cybersecurity incidents or vulnerabilities
- Demonstrated ability to effectively manage relationships with a diverse range of cross-functional stakeholders on medium to large-sized engagements, acting as a trusted advisor
- Proven track record of championing accountability by example, such as successfully taking on security incident lead and/or security project owner roles
- Bachelor’s degree in Computing Engineering, Automation Engineering or similar is an asset.
Technical Skills
- Minimum 5 years of experience in the IT Security field
- Very good knowledge about local manufacturing and automation systems in use according to the current industry standards is an asset
- Strong proficiency in independently applying tools, principles, and concepts related to requirements, data, usability, and process analysis within the security domain
- Ability to analyze technology fit and propose effective, strategically aligned cybersecurity solutions and controls
Additional Qualifications
The following skills and/or qualifications are an asset:
- Expertise in anti-virus software, intrusion detection, firewalls and content filtering in OT
- Knowledge of risk assessment tools, technologies and methods
- Expertise in designing secure networks, systems and application architectures
- Disaster recovery, computer forensic tools, technologies and methods
- System administration, supporting multiple platforms and applications
- Endpoint security solutions, including file integrity monitoring
- Deep understanding of cybersecurity terms and principles (defense-in-depth, network segmentation, security monitoring and incident response, access management, OT patch management, secure remote access, anti-malware protection etc.)
- Advanced knowledge on networking (LAN/WAN) and industrial networking including significant low-level networking experience with the TCP/IP (Transmission Control Protocol/Internet Protocol)
- Solid knowledge on IT and OT infrastructure, including PLC security and protection
- Current knowledge of technology capabilities and trends; types, and techniques of hacking
- attacks
- Java, Net, C++, Python, bash, power shell
- One of five potential security-related certifications (Certified Ethical Hacker (CEH), CompTIA Security+, Certified Information System Security Professional (CISSP), ISA/IEC 62443 Cybersecurity Specialist certification, Global Industrial Cyber Security Professional (GICSP))
- Solid knowledge on IT infrastructure and service deployment model within Roche
- Good knowledge of the Roche IT Security Standards
Wer wir sind
Eine gesündere Zukunft treibt uns zur Innovation an. Mehr als 100.000 Mitarbeiter weltweit arbeiten gemeinsam daran, wissenschaftliche Fortschritte zu erzielen und sicherzustellen, dass jeder Zugang zur Gesundheitsversorgung hat – heute und für zukünftige Generationen. Durch unser Engagement werden über 26 Millionen Menschen mit unseren Medikamenten behandelt und mehr als 30 Milliarden Tests mit unseren Diagnostik-Produkten durchgeführt. Wir ermutigen uns gegenseitig, neue Möglichkeiten zu erkunden, Kreativität zu fördern und hohe Ziele zu setzen, um lebensverändernde Gesundheitslösungen zu liefern.
Gemeinsam können wir eine gesündere Zukunft gestalten.
Roche ist ein Arbeitgeber, der die Chancengleichheit fördert.
