Security Engineer - Vulnerability & Exposure Management

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The Global Security Monitoring & Incident Response (MIR) team at Roche is dedicated to protecting our networks, systems, applications, and users from constantly evolving cyber threats. As a Security Engineer within the Vulnerability & Exposure Management team, you will play a critical role in identifying, assessing, prioritizing, and reducing cybersecurity risks across Roche’s global environment.

This role goes beyond reviewing scanner outputs. You will help investigate critical vulnerabilities, assess exploitability, improve security tooling and automation capabilities, and partner with stakeholders globally to strengthen Roche’s security posture.

You will join a collaborative and highly technical cybersecurity team that values innovation, curiosity, continuous learning, and proactive risk reduction.

Your Opportunity

In this role, you will

•

Triage, investigate, and respond to critical vulnerabilities impacting Roche systems and applications

•

Evaluate and prioritize vulnerabilities identified through security tools and external programs, including bug bounty initiatives

•

Research emerging threats and assess exploitability against Roche’s attack surface

•

Collaborate with infrastructure, cloud, application, and security teams to drive remediation activities

•

Assess company systems and web applications using automated and manual testing approaches

•

Engineer and enhance vulnerability scanning, detection, automation, and monitoring capabilities

•

Contribute to security monitoring and incident response activities within a global environment

•

Develop scripts, detection logic, templates, and automation workflows to improve operational efficiency

•

Support continuous improvement initiatives across vulnerability and exposure management processes

Who you are

You bring a strong cybersecurity foundation combined with analytical thinking, technical curiosity, and a proactive approach to solving complex security challenges.

You also bring

•

Associate Degree in a relevant field or 5+ years of professional experience in information security, with demonstrated experience triaging, analyzing, and escalating security vulnerabilities

•

Strong understanding of web application, network, endpoint, and cloud security concepts, including vulnerability management or attack surface management within complex enterprise environments

•

Hands-on scripting or programming experience using languages such as Python, JavaScript, or Node.js, with familiarity in security tooling, detection logic, automation, or custom scripting

•

Experience validating vulnerabilities, assessing exploitability, and supporting security monitoring or incident response activities

•

Ability to communicate technical risks effectively to both technical and non-technical stakeholders, while balancing operational priorities and research initiatives

•

Passion for cybersecurity, continuous learning, and emerging security trends, with exposure to open-source security projects or modern AI-assisted engineering workflows considered advantageous

•

Professional fluency in English, with industry certifications related to offensive or application security (e.g., OSCP, GWAPT, OSWE) and enterprise cloud security experience viewed as strong assets

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.