Principal Security Analyst - Product IT Center of Enablement in Diagnostics IT
Who We Are
Roche’s expanding digital product portfolio demonstrates its commitment to provide healthcare professionals, laboratories, and patients with digital and digitally-enabled solutions that transform patient care. The existing product portfolio includes decision support systems, data management solutions, and workflow solutions. At the center of these diverse types of solutions is always patient data security and privacy as the highest priority for Roche.
In this context, Roche has built a global team that builds, secures, and operates infrastructure platforms (cloud and on-prem) for its digital products. This team is working with a high freedom to operate in a self-organized setup and is responsible for tackling the cybersecurity, compliance, and infrastructure challenges of the healthcare industry while enabling high-velocity product development.
In the position of Principal Security Analyst you will join the Diagnostic Product IT Center of Enablement team and will be part of the Edge security team.
As the Principal Security Analyst for Product IT Center of Enablement, you create and analyze security policies and procedures to determine weakness in infrastructure security and complete a thorough audit of existing measures.
You conduct technical analysis and triage based on triggered alerts to determine the severity, impact, scope and corresponding response actions. And you anticipate data breaches by ethically hacking into the company's secure systems while determining future flaws and their prevention.
In addition, you will:
- Utilize security tools to improve company's security posture
- Monitor network traffic as an intrusion prevention specialist to detect possible threats and respond to threats immediately as they occur
- Document playbooks and runbooks for security incidents
- Understand reverse engineering to have a thorough knowledge of malware analyzation and bug patching on various software platforms
- Minimize negative impact of security breach by shifting security measures for future prevention and creating information assurance and firewalls
- Analyze logs from SIEM and create meaningful alerts and dashboards
- Proactively search for Threats to prevent or minimize Cybersecurity attacks
- Have In-depth understanding of inner Kubernetes workings (networking and storage stack, pod scheduling)
- In-depth understanding of the Linux operating system and how it interacts with container runtimes
- Knowledge of PKI management
- High level understanding of edge devices running on customer premises, encryption of data at rest and in transit
- Be on call and part of security operations team
This position will be located in Mississauga, Ontario, (Canada).
Who You Are
You have experience with implementing MITRE ATT&CK framework using SOAR tools required. You have a strong shift left and security first mindset and you demonstrated knowledge of bug bounties, cross-site scripting, broken authentication, cross-site request forgery, and web application scanning.
You have a University degree in computer science, engineering, or other related fields, or equivalent experience. You bring experience working in a multicultural environment and proven cultural awareness.
Furthermore, you bring:
- Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology
- Strong communication skills, both written and spoken
- Strong Knowledge of host level forensic
- Experience creating meaningful alerts to detect security incidents
- Basic Understanding of perimeter protection tools: AWS native components/tools, NIDS, Web Application and Network Firewalls
- Knowledge of shell scripting, Python (desirable)
- Basic knowledge of operating systems: required Linux and docker fundamentals
- Knowledge of OWASP standard
- Understanding of host protection concepts like file integrity, next-generation antivirus, host intrusion detection, whitelisting
- CISSP, GCIH, CISA, CISM, or other industry certifications preferred
- Nice to have Hands-on experience in forensic science, data analysis, intelligence analysis, malware reversing, network and endpoint security, adversary tracking, and other security-related tasks
What we offer at Roche Canada:
- Stable working environment with attractive compensation and rewards package
- Annual bonus payment based on performance
- Emphasis on continuous personal and professional self-development supported by a dedicated training budget (training, certifications, conferences, diversified career paths etc.)
- Experienced and professional colleagues and workplace that supports innovation and new ideas
- Roche Connect stock purchase options
- Company’s emphasis on employees’ wellness and work-life balance
- Generous vacation and Roche Days for time off work
- Flexible options allowing you to accommodateyour daily schedule
- Modern and collaborative open space working environment with comfortable facilities
- Hybrid working model;
- Visit our website to check out benefits: - https://myrochebenefits.roche.com/public/welcome
Who we are
At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.
Roche Pharma Canada has its office in Mississauga, Ontario and employs over 850 employees. The Mississauga facility is bright, vibrant, fosters collaboration and teamwork, and is reflective of Roche's truly innovative culture.
As of January 4, 2022, Roche requires all new employees who work in Canada to be fully vaccinated against COVID-19 on the date they take office. This requirement is a condition of employment at Roche that applies regardless of whether the position is on a Roche campus or remotely. If you have a valid reason for not being fully immunized, which is limited to certain specific medical reasons or other valid reasons protected by applicable human rights laws, you may request an exemption and / or adaptation measures regarding this vaccination requirement.
Roche is an Equal Opportunity Employer.