At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections,  where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The Global Security Monitoring and Incident Response (MIR) team at Roche strives to keep our networks and users safe from constantly evolving threats. As a Security Engineer on the Vulnerability and Exposure Management Team, you will help protect sensitive data and defend computer systems and web applications from existing and emerging threats. You will not just be managing scanner output. You will help manage and reduce existing risks, assess and evaluate the weaponization of emerging risks, and act as a core builder of our future capabilities.

The Opportunity

As an integrated part of the Vulnerability and Exposure Management team, your main responsibilities include:

• Triage, investigate, and respond to critical vulnerabilities affecting Roche.

• Evaluate and prioritize vulnerabilities found through our tools, including our bug-bounty program.

• Research emerging vulnerabilities and develop methods to confirm exploitability against our attack surface.

• Communicate risk and work with system owners and other stakeholders to mitigate security vulnerabilities.

• Assess company systems and web applications using both automated and manual tools.

• Maintain, improve, and engineer our scanning, detection, and automation solutions.

• Participating in security monitoring for a global environment.

Who you are

• You hold an Associate Degree in a relevant field or 5+ years of experience in the information security field.

• You possess a demonstrated ability to triage, analyze, and escalate security vulnerabilities.

• You have experience with attack surface management in a large and global environment.

• You bring programming experience (e.g., Python, Node.js, JavaScript) combined with a familiarity with modern, AI-assisted code development and engineering workflows.

• You display a strong emphasis on web application, network, and computer security, along with experience validating vulnerabilities and basic exploit development.

• You have a track record of contributing to open-source security projects and writing custom detection logic/templates/scripts.

• You have hands-on cloud security experience and a genuine passion for the field of computer and network security.

• You exhibit strong communication skills with the ability to explain complex risks to non-technical audiences, balancing operational tasks with research projects.

• You are fluent in English.

Preferred

• Industry certifications in the field of offensive security (e.g., OSCP, GWAPT, OSWE).

Relocation benefits are not available for this posting.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.