- Senior
- Optional office in Sant Cugat del Vallès
At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
🔐 Senior Penetration Tester (Cyber Security – PSPO)
Who We Are
At Roche, we are passionate about transforming patients’ lives through innovation.
We act boldly — because we believe that good business means a better world. Every day, we commit to scientific rigor, unshakable ethics, and broad access to medical breakthroughs. Together, we’re building a better tomorrow, today.
We’re also deeply committed to diversity, equity, and inclusion. By bringing together people with a wide range of backgrounds, perspectives, and skills, we create an environment where innovation thrives, creativity flourishes, and everyone belongs.
The Opportunity
We’re looking for a Senior Penetration Tester to join our Product Security & Privacy Organization (PSPO) — a dynamic global team ensuring the resilience and trustworthiness of Roche’s products and digital solutions.
In this hands-on role, you’ll lead vulnerability assessments and penetration testing activities across our physical and cloud-based products. You’ll collaborate with engineering, product, and architecture teams to strengthen Roche’s cyber defenses and ensure that innovation in diagnostics goes hand in hand with security and patient safety.
Your work will directly influence the security of next-generation healthcare technologies used worldwide.
What You’ll Do
- Design, prioritize, and lead internal penetration testing activities across our diverse product portfolio, including digital solutions, cloud applications, and medical devices.
- Proactively identify and assess vulnerabilities, and collaborate with product teams to prioritize and fix them throughout the product lifecycle.
- Provide technical support and security knowledge to product teams during the design and development phases to ensure security by design.
- Mentor and coach junior and mid-level pentesters in advanced testing techniques and strategic thinking.
- Collaborate with the team to contribute to, utilize, and help maintain the central repository of testing methods and tools, supporting our goal of reusability across the business.
- Support the Incident Response team with technical analysis and forensics during security incidents.
- Execute red team exercises to assess product and solution resilience.
- Prepare and present clear security reports with risk assessments and actionable recommendations.
- Contribute to integrating defense and security-by-design principles across product lines.
- Continuously optimize processes, playbooks, and tools for scalable product security.
Who You Are
You are a technically strong, curious, and impact-driven professional who thrives in complex, fast-moving environments. You enjoy uncovering vulnerabilities and turning insights into stronger, safer products.
Your profile includes:
- Proven senior-level experience (5+ years) in offensive security, encompassing strategic planning and hands-on execution across diverse environments (cloud, web, APIs, and specialized devices).
- Bachelor’s degree in Computer Science, Information Systems, or a related field preferred.
- Solid background in vulnerability assessment and penetration testing.
- Solid knowledge of common attack vectors, security best practices (e.g., OWASP Top 10), and Secure Development Lifecycle (SDLC) methodologies.
- Experience automating security controls (e.g., shell scripting, Python).
- In-depth understanding of information security and privacy risks.
- Experience with incident response and forensics (a plus).
- Strong ability to communicate complex vulnerabilities, their impact, and required mitigation steps clearly to technical and non-technical stakeholders.
- Strong problem-solving, communication, teamwork, and leadership skills.
- Proactive, collaborative, and self-driven, focused on continuous learning and sharing knowledge within a diverse global team.
- Proactive, self-driven, hands-on, and solution-oriented mindset.
- Relevant industry certifications such as SANS GIAC (GCIH, GPEN, GXPEN, GCIA, GCFA, GSE), OSCP, OSEP, OSCE, OSWE, CISSP, CISA, CISM, or ISO27001 Lead Auditor are highly valued.
- You share Roche’s core values: Customer Empathy, Trust, Ownership, Bias for Action, Curiosity, Optimism, Collaboration, and Data-driven Decision-Making.
Why Join Us?
This is more than a job — it’s an opportunity to shape the future of healthcare technology, strengthen the security of life-saving solutions, and directly protect patient trust.
At Roche, your expertise matters every day. You’ll collaborate with world-class teams, tackle meaningful challenges, and grow in a global environment that values learning, integrity, and innovation.
Together, we make technology safe for better health — everywhere.
🧭 Ready to Secure What’s Next?
Join us and help redefine how security powers trust in healthcare.
👉 Apply now and be part of the team protecting the future of diagnostics.
Who we are
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.