Principal Security Product Specialist - Personalized HealthCare Informatics (PHC IX)
The power of data at scale has transformed almost every industry, personalizing experiences in many aspects of our lives. Yet in healthcare we've only scratched the surface. At Genentech and Roche, we are accelerating the use of data insights and digital technologies to make significant strides to reach the full potential of personalized healthcare. We are seeking mission-driven, ardent, self-starting, creative individuals to join us in this effort.
The Principal Security Product Specialist will be responsible for the design and development of end-to-end security-related solutions for the deployment of PHC Applications in the cloud and on-premises. This role will be part of the Pharma PHC IX/Technology Team that provides global technology solutions to enable the Pharma PHC Vision and Strategy. The Principal Security Product Specialist will partner with stakeholders in multiple groups to design and develop the security solutions for PHC Infrastructure for Roche/Genentech's current and future PHC needs. The goal will be to build and support the most reliable and scalable security solutions to support PHC Solutions and applications while meeting regulatory compliance requirements. The PHC Platform will support applications in the areas of Advanced Analytics, Digital Health, Imaging and Data Management, from Exploratory to Clinical Trials to Clinical Settings. This person will work very closely with key stakeholders within the PHC Center of Excellence and other cross-functional teams in GIS to build an Information Technology security strategy aligned with the PHC COE strategy and portfolio.
We expect the Principal Security Product Specialist to be a passionate business and product advocate within IT, with proven analytical capabilities. The Principal Security Product Specialist must be an effective negotiator, leader and communicator in working with Roche/Genentech's IT cross-functional teams as well as other stakeholders and vendors. The ideal candidate will be a self-starter with a passion for innovative technologies, a high level of flexibility, and commitment. The Principal Security Product Specialist will join our diverse community of smart, fun, wholehearted, and engaged informatics professionals from various functional areas. This person will share our community values of passion, courage, integrity, and gratitude, all in service of our mission, "doing now what patients need next."
As Principal Security Product Specialist in the PHC Pharma IT/Technology team, you will:
Partner closely with key stakeholders from the PHC Center of Excellence, the corresponding Pharma IT Groups, and Global Infrastructure and Solutions (GIS) to prototype, design and implement security solutions that accelerate the fulfillment of the business strategic vision and protect Roche assets from all types of threats and adversaries.
Source and identify emerging security technology trends from multiple internal and external sources and assess their relevance. Translate and implement trends into short-term and long-term security capabilities.
Oversee and facilitate the evaluation and selection of security technology and product standards, and the design of security standard configurations/implementation patterns.
Work with IT Quality, IT Security and Governance, and other business partners to ensure that the application infrastructure is designed to comply with pharmaceutical regulations and GxP requirements.
Build and secure systems from external and internal threat feeds, build behavior analysis trends, and develop security analytics systems to track down, stop and/or prevent malicious activities, security violations, vulnerabilities and other threats.
Ensure that Roche PHC information assets are secured. Work with security teams, including infrastructure, engineering, operations, product development and incident response, to ensure that deployed security solutions are up to date and meet Roche security standards.
Design and build security monitoring solutions for detection, protection and response, including IDS/IPS, malware sandbox, packet capture, netflow tools, Web Application Firewalls, Real Time Application Protection systems, Antivirus, log management, SIEM, Enterprise Detection and Response and Next Generation Antivirus.
Research emerging technologies and maintain awareness of current security risks in support of security enhancement and development efforts.
Lead initiatives to develop and build security utilities and tools that will enable others to operate more efficiently and securely in cloud environments.
BA/BS in Business, Information Systems, Computer Science or a relevant area of study required
Minimum 8 years of related work experience in Security Engineering, Privacy & Risk Management
Understanding of the products and security services available from multiple cloud providers such as AWS, Azure, GCP and other vendors, and the ability to map those products and services to IT and security needs
Demonstrated experience automating security controls (desired languages: Shell scripting, Python)
Demonstrated experience supporting security and/or privacy audits
In-depth experience in managing information security and privacy risks and threat modeling
In-depth experience in vulnerability handling pre- and post-market
In-depth experience in system and cloud infrastructure hardening
Experience hardening the services and products available from various cloud providers and partners, e.g. Teradata, SageMaker, ECS, EKS, GKE, Palo Alto, Imperva, Redshift, Dataguise, ClamAV etc., and ability to propose fit-for-purpose services to meet requirements
Hands-on experience in designing Infrastructure as Code, building DevSecOps pipelines and automation using CI/CD toolsets such as Git, Bitbucket, Jenkins, Ansible, Terraform etc., and container platforms such as Docker and Kubernetes
Good understanding of the application landscapes used in research environments, such as Imaging Solutions, Advanced Analytics Tools, Data Lakes and Landing Zones, including high-speed data ingestion from internal and external data sources
Strong background in working with various operating systems, including various flavors of Linux (Red Hat, Ubuntu, CentOS, SUSE) and Microsoft Windows Server
Good understanding of regulatory and GxP requirements for working in the healthcare sector, including HIPAA, GDPR, HITRUST, ISO-27001 etc.
Certifications are a plus: SANS GIAC (GCIH, GPEN, GCIA, GCFA and others), CEH, CISSP, CISA, CISM, LAISO27001
Implementation of SaaS-based solutions to achieve continuous compliance and policy enforcement through bots, security and vulnerability monitoring, log aggregation etc., with a good understanding of tools such as Splunk, Dome9, Qualys etc.
Strong business knowledge in the Pharma/Biotech industry and associated processes is preferred.
Roche is an equal opportunity employer.
Hoffmann-La Roche Inc.