Roche is building a very specialized hands-on security team to face the cyber security challenges on the Healthcare industry. The Blue Team Senior Security Engineer will be building the most advanced cyber defenses around critical medical devices and platforms during the development and after its final release improving them according to the Red Team assessments and the latest threats.
Evaluate and propose innovative security tools and strategies to keep a cutting edge cyber defense strategy
Orchestrate application and infrastructure defense mechanisms to increase prevention, detectability and containment capabilities
Incorporate defense and hardening mechanisms by design balancing performance and usability
Deploy defense and hardening mechanisms responding to incidents and adapting to emerging threats
Develop an effective vulnerability management strategy in collaboration with the Red Team to prioritize patching and mitigation controls.
Deep understanding of application security architecture and lifecycle
Knowledge of OWASP standard
Experience with threat modeling and risk management
Knowledge of code vulnerability management
Experience deploying active defense mechanisms
Knowledge of translate the compliance, privacy and security requirements to product features
Deep understanding of networking and cloud security
Extensive experience with AWS components stack and desirable knowledge of Google Cloud and Microsoft Azure
Extensive experience with network communication protocols
Understanding of perimeter protection tools: AWS native components/tools, NIDS, Web Application and Network Firewalls
Understanding of cloud provisioning tools CloudFormation and Terraform
Deep knowledge of operating systems: required Linux, desirable Windows and OSX
Deep knowledge of host protection: file integrity, next generation antivirus, host intrusion detection, whitelisting
Deep knowledge of host vulnerability management
Knowledge of hardening and OS image generation automation
Knowledge of host forensic
Knowledge of configuration management tools: Ansible, Salt, Chef, Puppet.
Desirable developing languages: Shell scripting, Python, Ruby.
Strong communication skills, both written and spoken.