Cybersecurity Senior Penetration Tester
Job description
At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position
Senior Penetration Tester (Cyber Security - PSPO)

Who We Are
At Roche, we are passionate about transforming patients' lives through innovation. We act boldly - because we believe that good business means a better world. Every day, we commit to scientific rigor, unshakable ethics, and broad access to medical breakthroughs. Together, we're building a better tomorrow, today.
We're also deeply committed to diversity, equity, and inclusion. By bringing together people with a wide range of backgrounds, perspectives, and skills, we create an environment where innovation thrives, creativity flourishes, and everyone belongs.

The Opportunity
We're looking for a Senior Penetration Tester to join our Product Security & Privacy Organization (PSPO) - a dynamic global team ensuring the resilience and trustworthiness of Roche's products and digital solutions.
In this hands-on role, you'll lead vulnerability assessments and penetration testing activities across our physical and cloud-based products. You'll collaborate with engineering, product, and architecture teams to strengthen Roche's cyber defenses and ensure that innovation in diagnostics goes hand in hand with security and patient safety. Your work will directly influence the security of next-generation healthcare technologies used worldwide.

What You'll Do
* Design, prioritize, and lead internal penetration testing activities across our diverse product portfolio, including digital solutions, cloud applications, and medical devices.
* Proactively identify and assess vulnerabilities, and collaborate with product teams to prioritize and fix them throughout the product lifecycle.
* Provide technical support and security knowledge to product teams during the design and development phases to ensure security by design.
* Mentor and coach junior and mid-level pentesters in advanced testing techniques and strategic thinking.
* Collaborate with the team to contribute to, utilize, and help maintain the central repository of testing methods and tools, supporting our goal of reusability across the business.
* Support the Incident Response team with technical analysis and forensics during security incidents.
* Execute red team exercises to assess product and solution resilience.
* Prepare and present clear security reports with risk assessments and actionable recommendations.
* Contribute to integrating defense and security-by-design principles across product lines.
* Continuously optimize processes, playbooks, and tools for scalable product security.

Requirements
Who You Are
You are a technically strong, curious, and impact-driven professional who thrives in complex, fast-moving environments. You enjoy uncovering vulnerabilities and turning insights into stronger, safer products. Your profile includes:
* Proven senior-level experience (5+ years) in offensive security, encompassing strategic planning and hands-on execution across diverse environments (cloud, web, APIs, and specialized devices).
* Bachelor's degree in Computer Science, Information Systems, or a related field preferred.
* Solid background in vulnerability assessment and penetration testing.
* Solid knowledge of common attack vectors, security best practices (e.g., OWASP Top 10), and Secure Development Lifecycle (SDLC) methodologies.
* Experience automating security controls (e.g., shell scripting, Python).
* In-depth understanding of information security and privacy risks.
* Experience with incident response and forensics (a plus).
* Strong ability to communicate complex