DevSecOps Architect en Barcelona

At Roche, we are passionate about transforming patients’ lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow.

As a DevSecOps Architect you will be part of the RIS PSPO, DevSecOps team under devsecops at roche.com.

We are seeking a highly motivated professional with experience in Security and Privacy to join our dynamic team. As a PSPO DevSecOps architect, you will help with threat modeling, application security posture management, security orchestration, vulnerability & weakness assessments to improve resilience of the organization and its product portfolio.

Your main responsibilities will include:

• Develop security-as-code & policy-as-code pipelines

• Manage vulnerabilities (3rd party) and weaknesses (1st party) in Roche products, evaluating the criticality for an adequate prioritization and providing the most suitable remediation, working directly with the product teams as a trusted advisor

• Conduct vulnerability monitoring, (on-demand) vulnerability scanning and other security testing activities

• Provide expertise to product teams and Affiliates to answer inquiries, pre-sales requests, contract negotiations and other cybersecurity-related customer support

• Contribute to initiatives within the Diagnostic Division to achieve the integration of defense capabilities into the development of new products and in the update/upgrade, maintenance and support of existing products in collaboration with Product Support teams.

• Develop and automate technical workflows for investigations and assessments for cyber security vulnerabilities and drive onboarding of new products in Vulnerability Monitoring, and provide training to relevant stakeholders in the organization regarding Vulnerability Handling and Incident Response.

• Develop, maintain and continuously optimize processes, playbooks and tools for Vulnerability Monitoring, Vulnerability Management, Incident Response, Threat Intelligence and Security Testing.

• Evangelize security and privacy developing Security Champions across departments involved in the product development and operations

• Maintain the product security controls and awareness supporting other PSPO Chapters (Solution Architecture, Product Support and Compliance/Privacy).

• Mentor and coach teamwider chapter members.

Requirements:

• Minimum 3 years of related work experience in SDLC & cloud ops

• Demonstrated soft skills: problem solving, leadership, communication, teamwork, flexibility and adaptability.

• Team player, proactive, self-driven, self-motivated, solution-oriented, hands-on.

• Demonstrated experience in Cloud computing technologies, full stack deployments etc.

• Demonstrated experience in K8S, AWS or GCP, Docker and other cloud native tools

• Demonstrated experience in Jenkins/ArgoCD/Tekton or another common CI/CD tool chain

• Demonstrated skills in Sigstore, SBOM, SLSA and secure software supply chain management.

• Ability to develop Terraform, K8S manifests or other forms of infrastructure as code

• Ability to codify Rego or Cedar policies

• Demonstrated experience in SAST & DAST tools (Checkmarx, Snyk, Mayhem, BurpSuite, ZAP etc)

• Demonstrated experience automating security controls (eg shell scripting, python)

• In-depth experience in managing information security and privacy risks and threat modeling.

• In-depth experience in vulnerability handling pre and post-market launch

• In-depth experience in system and cloud infrastructure hardening

• Strong understanding of industry standards: ISO 27000 family and HITRUST

• BA/BS in Business, Information Systems, Computer Science or a related relevant area of study is a plus

• Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others) , CEH, CISSP, CISA, CISM, LA ISO27001.

Mindset

We@RocheDiagnostics is the mindset and culture we as Diagnostics colleagues strive to adopt to help achieve our vision and realize our strategy. The dimensions are:

●     We are passionate about our customers and patients

●     We radically simplify

●     We trust, collaborate & have fun

●     We ALL lead

●     We experiment & learn

You are expected to demonstrate the We@RocheDiagnostics dimensions and help evolve the functions culture beliefs, bringing it to life as part of the TransformD journey.

Locations:

The role will be based in Sant Cugat, Spain or based in Pune, India.

As this position is a global role, international business travel will be required depending upon the business location of the successful candidate and ongoing business project activities.

Roche is strongly committed to a diverse and inclusive workplace. We strive to build teams that represent a range of backgrounds, perspectives, and skills. Embracing diversity enables us to create a great place to work and to innovate for patients.

Roche is an equal opportunity employer.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.