Product Cyber Security Expert

  • Sant Cugat Del Vallès, SPAIN
  • IT development

Job description



·  Job facts

Your main responsibilities will include:

• Coordinate and drive the necessary initiatives within the Diagnostic Division to achieve the integration of Cyber Security aspects in the development of new products and in the update/upgrade, maintenance and support of existing products.

• Define and propagate processes in the area of Product Cyber Security to enable continuous compliance of product development and maintenance processes.

• Provide service for Cyber Security related Product Risk Management activities, including risk identification, risk rating, selection and verification of risk mitigation and assessment of residual risks.

• Initiate Cyber Security Architecture and Design for secure products. Conduct Cyber Security Architecture and Design Reviews to identify associated risks and improvement potential. Participate in Quality Attribute and ATAM workshops to ensure coverage of security scenarios.

• Monitor vulnerability feeds and other relevant sources for Vulnerability Information, analyze the potential impact of identified vulnerabilities on monitored Roche Diagnostics products, and inform affected product teams.

• Enable Product Teams to handle Cyber Security Vulnerabilities and Incidents, by providing technical support for the investigation of Cyber Security Vulnerabilities and Incidents in the product context.

• Develop and automate technical workflows for investigating and assessing cyber security vulnerabilities, drive onboarding of new products in Vulnerability Monitoring, and provide trainings to relevant stakeholders in the organization regarding Vulnerability Handling and Incident Response.

• Conduct planning and execution of 3rd party review activities (Verification & Validation) related to Cyber Security and Software Architecture.

• Provide trainings and consulting in the domain of Cyber Security and Open Source License Compliance to enable business partners in delivering compliant products.

• Advise Product Teams to plan and implement adequate Cyber Security Maintenance activities throughout the product's lifecycle.

• Develop, maintain and continuously optimize tools and templates for Threat modelling, Cyber Security risk assessment, and Security Testing with penetration testing tools such as Kali Linux, Nessus and others.

For this role you will need to have:

• Solid understanding and knowledge of security principles including but not limited to secure software development, secure-by-design, architecture, threat and vulnerability management, infrastructure platforms, tools and technologies.

• Deep technical expertise in technologies like encryption, network protocols, scripting, embedded systems security, malware protection technology, forensic analysis, event correlation etc. will be a bonus.

• Sound understanding of cloud technologies and architecture, and proven experience with AWS, Azure and Google Cloud with regard to security architecture and data privacy concerns.

• Background in and understanding of Artificial Intelligence (AI), machine learning and data science, as needed to consult project teams, is an advantage.

• Proven background in software development and software DevOps to consult and support development teams in secure software build and deployment processes.

• Sound understanding of agile software development processes like SCRUM or SAFe (Scaled Agile Framework).

• Strong ability to effectively communicate and articulate security risk to various stakeholders with differing levels of technical knowledge will be advantageous along with presentation, stakeholder and relationship management skills.

• Good awareness of legal and regulatory landscape relating to information and cyber security around the world.

• A good understanding and awareness of areas related to security e.g. privacy and data protection.

• Strong academic or professional background. Industry certifications like CISSP, CEH, CREST, AWS, CISM, CISA, CCNA/P, GIAC, SANS etc.

• Medical device / embedded systems / software-as-a-medical-device experience will be beneficial but not essential, as would experience in healthcare/life sciences.

Additional tasks:

• Drive Innovations for Product Cyber Security and bring passion to support the Product LifeCycle Services of the department.

• Measure KPIs during Cyber Security Operations and support reporting to relevant stakeholders.

• Research the latest cutting-edge security technology and provide actionable insights to our Senior Management, Product Owners and DevOps Teams.

·  Who we are

At Roche, 94,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we've become one of the world's leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an equal opportunity employer.
