
Roche is hiring a Security Analyst - RDT Information Security


Job Description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Security Analyst - Penetration Testing

Experience: 4 to 7 years

Location: Pune

Position Overview

We are seeking an experienced Security Analyst to join our cybersecurity team. In this role, you will conduct comprehensive penetration testing and vulnerability assessments across our diverse technology landscape, identifying and documenting security risks to strengthen our overall security posture.

Primary Responsibilities

  • Conduct thorough penetration testing of web applications, mobile applications, and AI/LLM systems using industry-standard tools and methodologies

  • Perform hands-on security assessments and identify vulnerabilities in web-based systems and APIs

  • Execute practical penetration tests against target systems, documenting real-world findings and exploitation methods

  • Develop and execute custom exploitation payloads and attack scenarios

  • Analyze application logic, authentication mechanisms, and access control implementations

  • Collaborate with development and infrastructure teams to define scope, validate findings and track remediation efforts

  • Maintain detailed testing documentation, evidence of assessments, and proof of concept demonstrations

  • Participate in security reviews and contribute to threat modeling exercises

  • Stay current with emerging web application security threats and attack vectors

  • Quickly adapt to new tools, technologies, and emerging security challenges in the threat landscape

Required Qualifications

Certifications (Mandatory - at least one of the following)

  • OSCP (Offensive Security Certified Professional) or

  • CPTS (Certified Penetration Testing Specialist) or

  • OSCE (Offensive Security Certified Expert) or

  • Equivalent recognized penetration testing certification

Experience & Technical Skills

Primary Expertise (Web Application and LLM - Hands-On Required):

  • 3+ years of demonstrated hands-on experience in web application penetration testing

  • Proven ability to identify and exploit real-world vulnerabilities in production and pre-production environments

  • Practical expertise with OWASP Top 10 vulnerabilities, including SQL Injection, XSS, CSRF, authentication bypass, and API security flaws

  • Proficiency with web security testing tools (Burp Suite, OWASP ZAP, Postman, etc.)

  • Experience bypassing security controls and WAF implementations

  • Hands-on experience with API penetration testing (REST, GraphQL, SOAP)

  • Practical expertise with LLM security assessments, including prompt injection, model manipulation, and output validation weaknesses.

  • Understanding of LLM vulnerabilities including prompt injection, jailbreaking, data leakage, and model poisoning attacks

  • Experience evaluating guardrails, content filters, and safety mechanisms in AI systems 

  • Proficiency with LLM security testing frameworks (e.g., OWASP Top 10 for LLM Applications)

  • Familiarity with LLM penetration testing tools (e.g., Claud CLI, PRFU, Garak, promptfoo, etc.)

Required Secondary Skills (Hands-On Demonstrated):

  • Mobile Penetration Testing: Practical hands-on experience testing iOS and Android applications, including runtime analysis, reverse engineering, and security assessment of mobile APIs

  • Cloud Security: Hands-on experience conducting security assessments on public cloud environments (e.g., AWS, Azure, GCP), including services like EC2, S3, Lambda, IAM, RDS, and cloud misconfiguration identification.

Core Competencies:

  • Strong understanding of networking, encryption, authentication, and authorization mechanisms

  • Analyze and understand complex system architectures to develop targeted penetration testing methodologies and identify underlying vulnerabilities

  • Ability to write clear, professional penetration test reports with actionable remediation guidance

  • Excellent communication skills for presenting findings to both technical and non-technical stakeholders

  • Attention to detail and strong analytical mindset

  • Ethical hacking mindset with commitment to responsible disclosure

  • Quick learner with demonstrated ability to rapidly master new tools and technologies

  • Adaptive mindset with readiness to learn emerging security domains and evolving attack methodologies

Preferred Qualifications

  • Bachelor's degree in Computer Science, Cybersecurity, Information Security, or equivalent hands-on experience

  • Hands-on practical experience with thick client application penetration testing (binary analysis, memory manipulation, process injection)

  • Additional security certifications (CEH, GWAPT, GPEN, GIAC Security Essentials, etc.)

  • Hands-on experience with containerization security (Docker, Kubernetes)

  • Practical experience with CI/CD pipeline security assessments

  • Experience in compliance-driven penetration testing (PCI-DSS, HIPAA, SOC 2)

  • Active or past participation in legitimate bug bounty programs with demonstrated results

  • Experience developing custom exploitation tools and scripts

  • Proven track record of self-directed learning and skill development in security domains

  • Experience adapting existing tools and methodologies to novel security challenges

Required Technical Proficiencies

  • Penetration testing frameworks and methodologies (NIST, OWASP, PTES)

  • Advanced network analysis and packet inspection tools

  • Vulnerability scanning, assessment, and exploitation tools

  • Python scripting for exploitation and tool development

  • Linux/Unix command-line proficiency and bash scripting

  • Practical knowledge of common security vulnerabilities and real-world exploitation techniques

  • Burp Suite (or equivalent) advanced usage and configuration

  • Mobile debugging tools and frameworks

  • Cloud security assessment tools and techniques

Soft Skills

  • Problem-solving and critical thinking with hands-on troubleshooting ability

  • Strong written and verbal communication (English)

  • Ability to work collaboratively in a global team environment

  • Time management and ability to handle multiple concurrent assessments

  • Professional judgment and ethical responsibility

  • Quick learner with ability to acquire and apply new technical knowledge rapidly

  • Adaptability and flexibility in approaching diverse security challenges

  • Proactive self-learner with initiative to stay ahead of emerging security threats and technologies

  • Curiosity-driven approach to exploring new attack vectors and security domains

 

 

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.

Salary Information

Salary: $45000-75000

🤖 This salary estimate is calculated by AI based on the job title, location, company, and market data. Use this as a guide for salary expectations or negotiations. The actual salary may vary based on your experience, qualifications, and company policies.
