Cybersecurity Senior Penetration Tester
Job description
We're looking for a Senior Penetration Tester to join our Product Security & Privacy Organization (PSPO) - a dynamic global team ensuring the resilience and trustworthiness of Roche's products and digital solutions. In this hands-on role, you'll lead vulnerability assessments and penetration testing activities across our physical and cloud-based products. You'll collaborate with engineering, product, and architecture teams to strengthen Roche's cyber defenses and ensure that innovation in diagnostics goes hand in hand with security and patient safety. Your work will directly influence the security of next-generation healthcare technologies used worldwide.
What You'll Do
- Design, prioritize, and lead internal penetration testing activities across our diverse product portfolio, including digital solutions, cloud applications, and medical devices.
- Proactively identify and assess vulnerabilities, and collaborate with product teams to prioritize and fix them throughout the product lifecycle.
- Provide technical support and security knowledge to product teams during the design and development phases to ensure security by design.
- Mentor and coach junior and mid-level pentesters in advanced testing techniques and strategic thinking.
- Collaborate with the team to contribute to, utilize, and help maintain the central repository of testing methods and tools, supporting our goal of reusability across the business.
- Support the Incident Response team with technical analysis and forensics during security incidents.
- Execute red team exercises to assess product and solution resilience.
- Prepare and present clear security reports with risk assessments and actionable recommendations.
- Contribute to integrating defense and security-by-design principles across product lines.
- Continuously optimize processes, playbooks, and tools for scalable product security.
Who You Are
- You are a technically strong, curious, and impact-driven professional who thrives in complex, fast-moving environments. You enjoy uncovering vulnerabilities and turning insights into stronger, safer products.
Requirements
- Proven senior-level experience (5+ years) in offensive security, encompassing strategic planning and hands-on execution across diverse environments (cloud, web, APIs, and specialized devices).
- Bachelor's degree in Computer Science, Information Systems, or a related field preferred.
- Solid background in vulnerability assessment and penetration testing.
- Solid knowledge of common attack vectors, security best practices (e.g., OWASP Top 10), and Secure Development Lifecycle (SDLC) methodologies.
- Experience automating security controls (e.g., shell scripting, Python).
- In-depth understanding of information security and privacy risks.
- Experience with incident response and forensics (a plus).
- Strong ability to communicate complex vulnerabilities, their impact, and required mitigation steps clearly to technical and non-technical stakeholders.
- Strong problem-solving, communication, teamwork, and leadership skills.
- Proactive, collaborative, and self-driven, focused on continuous learning and sharing knowledge within a diverse global team.
- Proactive, self-driven, hands-on, and solution-oriented mindset.
- Relevant industry certifications such as SANS GIAC (GCIH, GPEN, GXPEN, GCIA, GCFA, GSE), OSCP, OSEP, OSCE, OSWE, CISSP, CISA, CISM, or ISO27001 Lead Auditor are highly valued.
- You share Roche's core values: Customer Empathy, Trust, Ownership, Bias for Action, Curiosity, Optimism, Collaboration, and Data-driven Decision-Making.