Senior Cloud Security Engineer

Roche
Málaga, Spain
2 days ago

Role details

Contract type
Permanent contract
Employment type
Full-time (> 32 hours)
Working hours
Regular working hours
Languages
English
Experience level
Intermediate

Job location

Málaga, Spain

Tech stack

Kubernetes Security
API
Amazon Web Services (AWS)
Azure
Cloud Computing
Cloud Computing Security
Cloud Engineering
Computer Security
Computer Networks
Data Security
DevOps
Infrastructure as a Service (IaaS)
Identity and Access Management
Intrusion Detection and Prevention
Open Source Technology
Platform as a Service (PaaS)
Performance Tuning
Cloud Services
Software Engineering
Cloud Platform System
Multi-Cloud
Infrastructure as Code (IaC)
Kubernetes
Information Technology
Prisma Cloud Platform
DevSecOps
Serverless Computing
Docker
Vulnerability Analysis

Job description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

We are a high-performing cybersecurity team tasked with protecting the organization's computing environments. While our historical stronghold has been managing enterprise Endpoint Detection and Response (EDR), Application Control, and Secure Data Erasure, we are now expanding our focus to secure our dynamic, cloud-native environments.

We are looking for a Cloud Security Engineer specializing in Cloud Workload Protection. You will be responsible for securing IaaS, PaaS, containers, and serverless architectures. Working alongside your senior endpoint security colleagues, you will bridge the gap between traditional endpoint defense and modern cloud infrastructure, ensuring our threat detection and application governance standards are seamlessly extended to the cloud.

Job Responsibilities

Cloud Workload Protection (CWPP): Architect, deploy, and manage Cloud Workload Protection Platforms (e.g., Prisma Cloud, Microsoft Defender for Cloud, Wiz, or Aqua) across our multi-cloud environment (AWS, Azure, and/or GCP).
Container & Kubernetes Security: Implement runtime defense, vulnerability scanning, and configuration hardening for containerized applications and orchestration platforms (EKS, AKS, GKE).
Extending Core Services to the Cloud: Adapt our existing strategies for EDR and Application Control to function effectively in ephemeral, cloud-native workloads without degrading performance.
DevSecOps Integration: Embed security controls directly into CI/CD pipelines (Shift-Left), ensuring images, registries, and Infrastructure as Code (IaC) templates are scanned and secured before deployment.
Automated Remediation: Develop automated response playbooks for cloud misconfigurations and workload alerts using serverless functions and native cloud APIs.

Qualifications

Bachelor's degree in Computer Science, Software Engineering, Cybersecurity, or equivalent practical experience.
3+ years of dedicated experience securing public cloud workloads, with a strong understanding of the shared responsibility model.
Deep technical knowledge of Docker, Kubernetes, and container orchestration. You should know how to secure a pod, restrict container privileges, and manage network policies.
Proven, hands-on experience deploying and tuning commercial or open-source cloud security platforms (CWPP / CNAPP).
Strong grasp of cloud-native networking (VPCs, Security Groups) and Identity and Access Management (least-privilege roles, service accounts).
Proficiency in written and spoken English (C1 or above level).

Additional Qualifications

Bridge Builder: Ability to collaborate closely with DevOps and Cloud Engineering teams, acting as an enabler rather than a roadblock.
Strategic Thinker: Capacity to look at our existing on-premise security policies and intelligently adapt them for ephemeral cloud environments.
Adaptable: Comfortable working in a highly dynamic cybersecurity environment where priorities can shift based on emerging needs.
Team Player: Ability to collaborate effectively with internal and external team mates and stakeholders.
Mentorship: Willingness to cross-train our existing senior endpoint engineers on cloud-native security concepts, while learning from their deep endpoint telemetry expertise.

Compensation & Benefits

This position also offers an attractive benefits package. Learn more about how we reward our employees at Roche.

Roche is an Equal Opportunity Employer.
