Roche fosters diversity, equity and inclusion, representing the communities we serve. When dealing with healthcare on a global scale, diversity is an essential ingredient to success. We believe that inclusion is key to understanding people’s varied healthcare needs. Together, we embrace individuality and share a passion for exceptional care. Join Roche, where every voice matters.

The Position

The Opportunity

In the position of Principal DevSecOps Engineer you will join the China Digital Platform team and will be part of the Cloud security team.

As a Cloud Security Engineer with good experience in monitoring and improving DevSecOps tools and processes, you will automate routine tasks and improve system reliability.

You will also play a critical role in providing technical support for day-to-day security operations, security tool integration, automation support, change management and business continuity programs.

You will:

1.Ali Cloud topology and Security Services:

• Demonstrated expertise and working knowledge of the Alibaba Cloud and its security services.
• Ability to understand and navigate the various security features and controls offered by Alibaba Cloud.

2.Security and Compliance Requirements:

• Collaborate with the team to define and implement security and compliance requirements for our Ali Cloud landing zone and organization.
• Ensure adherence to industry standards and best practices while considering the specific needs of operating in China.
• Stay updated with the latest security trends and technologies in the Alibaba Cloud ecosystem.

3.Security Event Capturing and Management:

• Architect and implement a robust security event capturing and log management system (SIEM).
• Monitor logs, security vulnerabilities, and threats to proactively identify and respond to potential security incidents.
• Develop processes to generate timely and accurate security alerts for effective incident response.

4.Automation and Collaboration:

• Automate the process of sending security alerts to Security Champions of each product.
• Collaborate with cross-functional teams to ensure prompt and coordinated response to security incidents.

5.Tool Evaluation and Implementation:

• Identify, define, conduct Proof of Concept (PoC), and enable/implement tools to secure Alibaba Cloud accounts.
• Evaluate and recommend appropriate security tools and technologies based on specific requirements.

6.Identify, integrate, monitor and improve infosec controls by understanding business processes.

7.Assist with complex projects and automation of day to day security operations to improve SLA

8.Experience with container and container orchestration technologies Docker and Kubernetes

Who you are

You’re looking for a challenge where you have the opportunity to pursue your interests across functions and geographies. Where your passion for technology, delivery, reliability, and operational excellence will impact the lives of patients fighting cancer and many other disease areas in the future.

You have a degree in computer science, engineering, or other related fields, or equivalent experience. You bring experience working in a multicultural environment and proven cultural awareness.

You have extensive experience with automation in CI/CD tools, methods and processes, including development of multi-environment pipelines (e.g., Jenkins, GitLab CI/CD,...), and Containerization/Orchestration, including Docker & Kubernetes.

And you have a strong understanding of key security concepts like WAF, Application security, network security and Identity access management.

Job-related Experience

• 3+ years related technical experience in Product Security Architecture or Engineering
• 5+ years of related work experience in cloud platforms: Ali Cloud
• Design, implement, support and evaluate security-focused tools, vulnerability management tools and services.
• Demonstrated experience in one or more programming languages (preferably Python)
• Conduct periodic Vulnerability assessment. Participate in incident handling and other related duties to support the information security function.
• Nice to have experience in industry standard tools like Splunk, jFrog, GitLab, Prisma, HashiCorp Vault, Tenable (Nessus scanner)

Furthermore, you bring:

• Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology
• Demonstrated ability to adapt to new technologies and learn quickly
• Effective at engaging with teams in various functions and across different levels
• Strong organizational skills and ability to prioritize and manage multiple projects simultaneously
• You have experience with automation for infrastructure deploy/manage - terraform, cloudformation, resource manager or similar
• Industry recognized certifications provided by GIAC, ISACA, ISC2
• Cloud Security Certifications relevant to Ali Cloud Security certifications would be ideal.
• Healthcare software experience preferred
• Experience with clinical workflow solutions or in a clinical environment is a plus.

Following technical will be an asset:

• Python design patterns, OO programming
• Experience in Cloud Security and Serverless Architectures
• Experience in developing command-line and standalone applications
• Infrastructure-as-Code and related tools (CDK / Terraform / Terragrunt / CI / CD )
• SDLC and Agile methodologies

Who we are

At Roche, more than 100,000 people across 100 countries are pushing back the frontiers of healthcare. Working together, we’ve become one of the world’s leading research-focused healthcare groups. Our success is built on innovation, curiosity and diversity.

Roche is an Equal Opportunity Employer.