At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Cybersecurity Analyst investigates security incidents, performs vulnerability assessments, and contributes to improving security operations
You will be capable of independent work on defined tasks, independently handling less complex tasks and contributing to various stages of the analysis lifecycle
By taking ownership of delivering well-defined requirements and supporting the design of feasible security solutions, you will proactively identify solution-level issues and maintain a mindset of continuous improvement within the security domain
Description of the area
Job Responsibilities
Scope
Lead Privileged Access tools CyberArk SelfHosted & SaaS feature implementation, integration and automation. Provide consultations with stakeholders to identify security requirements, provide systems integrations, record and develop roadmap and implementation plans for strategic initiatives.
Actively work in an enterprise environment as part of the Privileged Access Management (PAM) team to collectively manage, automate and improve the PAM capabilities for business users and security staff.
Promptly respond to product needs and customer requests, implementing changes and enhancements.
Support and provide evidence for audits and compliance reviews teams.
Actively focus on self-development and create actionable plans to grow.
Occasional international travel is required.
Independently handles less complex tasks and provides input to solution design by defining and managing requirements for small-scale problem areas
Focuses on understanding the problem domain, recommending solution options, and proactively identifying solution-level issues, gaps, or inefficiencies to improve products or processes
Accountability/Problem Solving
Participate and lead troubleshooting efforts as part of 2nd or 3rd level support duties.
Provide 24x7 on-call support for major and critical issues, demonstrating flexibility regarding working hours.
Takes ownership of delivering well-defined requirements and supporting the design of feasible solutions for specific features or components
Independently analyzes less complex security technical problems, defines problem scope, contributes to identifying root causes, and provides solutions to a broad range of difficult problems
Evaluates change and technology impacts with increasing accuracy, diagnoses gaps, and applies analytical and logical reasoning independently to identify discrepancies and challenge assumptions
Stakeholder Management
Identifies key business, technical, and security stakeholders for assigned tasks, analyzing their needs and interests regarding security posture and risk
Primarily interacts within security product teams/squads and across Security Operations functions, while establishing rapport and managing realistic security expectations
Develops and delivers tailored communication for security tasks and incident updates, facilitates meetings, and proactively engages with stakeholders to elicit, clarify, and validate security requirements
Impact/Strategy
Contributes to projects or workgroups by providing well-analyzed requirements and supporting the design of solutions that align with business objectives within their specified area
Demonstrates growing autonomy and expertise within their specific domain by translating requirements into a strategic plan with supervision, and may identify opportunities for minor process improvements within their immediate scope
Complexity
Works on a product or larger contexts, handling requirements and analysis for specific features or components
Can navigate moderate levels of complexity in requirements and stakeholder landscapes
Begins to understand sources of influence and analyze business problems/opportunities within this product context, starting to map basic interconnections
Business/Technical ability
Stay up-to-date with the latest security tools and techniques and make recommendations for improvements, better design or best practices.
Understand, implement, and follow relevant concepts of ITIL, GxP, Product Management and Agile Methodologies. These include Request Management, Incident Management, Change Management, Problem Management, Document Management, Qualification and Validation and Product Management.
Maintain infrastructure using CI/CD methodologies.
Possesses a working knowledge of the relevant business domain and supporting technologies
Understands sources of influence, comprehending internal and external factors affecting the problem space, and is capable of identifying and analyzing basic business problems or opportunities holistically
Qualifications
Education / Experience
Robust experience working in a major global organization, preferably in a regulated industry. Bachelor’s Degree in computer science, engineering or related discipline or recognition of prior working experience, which is equivalent to industry accredited certification.
Process & ITIL: Solid understanding of enterprise security processes built around ITIL principles, including Incident, Problem, Change, and Request Management.
Working knowledge of relevant business domains and supporting cybersecurity technologies
Experience in conducting stakeholder interviews, synthesizing requirements, and mapping/analyzing current processes
Demonstrated ability to independently handle less complex tasks and contribute to various stages of the security and business analysis lifecycle
Technical Skills
Core Technical Skills: Strong hands-on technical skills with a development background, featuring a strong focus on Privileged Access Management and Secrets Management technologies—specifically CyberArk SaaS, Conjur, or HashiCorp Vault.
Scripting & Automation: Experience with RestAPI’s usage, Scripting with Python, PowerShell, Ansible and YAML as well as Docker usage.
Cloud & DevOps: Experience with DevOps and ability to provide IAC toolchain support. General knowledge in Cloud IAM (AWS, Azure and GCP) and Cloud Secrets Management experience will be an advantage.
Security Expertise: Deep expertise in secure development practices, with knowledge of Zero Trust principles and common web vulnerabilities (OWASP Top Ten). Technical IAM experience with robust hands-on skills in debugging and problem-solving across complex security workflows.
Network Security: Proficient in advanced network security concepts, including SSL/TLS protocols, cryptography, key exchanges, cipher suites, and trust validation.
Ability to apply tools, principles, concepts, and techniques related to requirements, data, usability, and process analysis in practical scenarios
Experience investigating security incidents, performing vulnerability assessments, and managing requirements for small-scale problem areas
Skill in evaluating change and technology impacts with increasing accuracy, and breaking down complex technical concepts with minimal guidance
Additional Qualifications
Communication & Mentorship: Effective communicator who can clearly articulate technical concepts to diverse audiences, including developers, cloud engineers, architects, and business stakeholders. You inspire and mentor a collaborative, security-first culture within the team, driving excellence at every level.
Innovation & Delivery: You champion secure, automated solutions that enhance developer efficiency and align with global security goals. You proactively identify and adopt emerging technologies to protect the enterprise against evolving cybersecurity threats. You consistently deliver high-impact results while thriving in a fast-paced, cross-functional environment, and have a proven ability to balance strong customer focus with a dedication to operational excellence.
A mindset of continuous improvement with a proactive approach to identifying solution-level issues, gaps, or inefficiencies
Strong analytical and logical reasoning skills to identify discrepancies, challenge assumptions, and confidently present solutions
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.