Product Cybersecurity Expert

Beschreibung

For our international medical partner, Roche Diagnostics Int Ltd based in Rotkreuz, we are looking for a qualified and motivated Product Cybersecurity Expert for one year with option for extension.

At Roche, we are passionate about transforming patients’ lives and we are fearless in both decision and action - we believe that good business means a better world. That is why we come to work each day. We commit ourselves to scientific rigor, unassailable ethics, and access to medical innovations for all. We do this today to build a better tomorrow.

As a Product Cybersecurity Expert you will be part of the Product Security & Privacy Operations department in the Product Security Engineering team. The main goal of PSPO is to deliver product security and privacy that our regulators require, customers expect and our patients deserve.

Tasks

• End-to-end activities that belong to the secure software development lifecycle for Roche products. Defining adequate cyber security mitigations, identifying threats, assessing risks, definition of security testing methods and scope, and track remediation actions of security findings during development
• Conduct planning and execution of 3rd party review activities (Verification & Validation) related to Cybersecurity and Software Architecture
• Proactively identify flaws in Roche’s product security, assess patient safety and business risk, and advise product managers on remediation steps
• Advice product teams to plan and implement adequate cybersecurity maintenance activities throughout the product's lifecycle
• Support development and maintenance of processes and tools for threat modeling, cybersecurity risk assessment, security testing with penetration testing tools, like Kali Linux, OWASP ZAP, Nessus and others

Must Haves

• Minimum 5 years of related work experience in product security, with demonstrated experiences in areas such as:
  • SDLC in Software Development, Network technology, Cryptography, Cloud computing technologies, DevSecOps methodologies etc. threat modeling, attack surface analysis, risk management, security testing, penetration testing and remediation activities.
  • Security by design and default concepts, OS hardening
  • System and cloud infrastructure hardening and monitoring
• Preferable certifications: CISSP
• Working knowledge of security controls, guidelines and standards (e.g.ISO27000 series, OWASP, CSA CCM, CIS 20 Critical Security Controls, SOC 2, and NIST)
• Good understanding of privacy and data protection regulations (e.g., HIPAA, EU GDPR)
• Demonstrated soft skills: problem solving, leadership, communication, teamwork,

  flexibility and adaptability

• Strong communication skills in English (min. C1 Level), German would be a plus

Nice to Have

• Experience in a medical device company

Are you interested? Do not hesitate and submit your complete application documents online today.

We also process applications by post, but will not return them for administrative reasons. We look forward to hearing from you!