Cybersecurity Security Analyst (Incident Response)

Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

The Global Security Monitoring and Incident Response (MIR) team at Roche strives to keep our networks and users safe from constantly evolving threats. As a CyberSecurity Analyst, you will help protect proprietary information, patient data, keep computer systems clean, and provide a safe information environment for our users. Combing through massive amounts of signals, you will have to identify signs of abuse or compromise of on-premise as well as cloud resources. All team members share a set of core responsibilities, handling incidents, requests from experts, as well as enquiries from end users. CyberSecurity Analysts are responsible for monitoring security information, identifying threats, and showing initiative to defend all Roche information systems.

As an incident responder, you are expected to take part in an on-call rotation during weekends and can be mobilized during major incidents.

Responsibilities:

• Monitoring and Incident Response for a global environment. Take decisions, often under pressure, given partial information. Further develop threat hunting capabilities across a global team.
• Forensic analysis of artifacts, including malware. Identify and jointly implement hardening of systems.
• Continuously improve the security posture of the enterprise through partnering with respective product owners. Further organize detection engineering activities across a global team.
• Brief team members and leadership on relevant threats to the Roche group. Communicate information security concepts and situations to senior management.
• Expand the detection and response capabilities of the team through integration or by creating tools. Mentor newer team members.

Minimum Qualifications:

• 7+ years in the information security field, from which at least 3 years interacting with a SOC/CERT/CSIRT. Familiarity with TLP and information sharing best practices.
• Ability to communicate information security-related concepts and situations to a non-technical audience. Demonstrated ability to analyze, triage, and escalate information security incidents.
• Knowledge of detection engineering and threat-hunting concepts. Scripting and programming skills (Python, Javascript, Go, Rust, …).
• Demonstrated knowledge of operating systems (Windows, Linux, macOS). Excellent organization and communication skills; fluent spoken and written English.

Preferred Qualifications:

• Network and Endpoint security monitoring experience in a large complex environment. Prior exposure to privacy frameworks in the context of IT security monitoring.
• Knowledge of modern IAM controls and concepts (Zero Trust, Identity Aware Proxies, Active Directory Security, …). Knowledge of Cloud security concepts (multi-cloud environments, CSPM, …).
• A passion for the field of computer and network security. Familiarity with various defensive AND offensive security toolsets.
• Public speaking or mentoring experience.

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

The Roche Services & Solutions as well as People Support Solutions organisations located in Kuala Lumpur provide end-to-end business solutions for Finance, Procurement, IT, Communications, People & Culture (Human Resources) and beyond to our Roche colleagues across the APAC region. Today Roche employs altogether around 1100 employees in Malaysia.

Roche is an Equal Opportunity Employer.