Full-Time
Product Cybersecurity Expert
Posted on 8/1/2025
Roche
1-10 employees
Global pharmaceuticals and diagnostics company
No salary listed
Sant Cugat del Vallès, Barcelona, Spain
In Person
 IT & Security (1) |
|---|
- BA/BS in Engineering, Computer Science or relevant area of study required.
- Security industry certifications such as SANS GIAC (GCIH, GPEN, GCIA, GCFA, etc.), CEH, CISSP, CSSP, CISA, etc.
- Minimum of 7+ years of related work experience in security engineering, security operations, vulnerability management or application security.
- Demonstrated experience working with product software development and cloud platform teams, preferably in international companies in the healthcare or regulated industries.
- In-depth experience in analyzing product security posture, threat and risk landscape, performing threat modeling and defining adequate security and data privacy controls to mitigate risks.
- Excellent interpersonal skills with high cross-cultural sensitivity; ability to collaborate and communicate across multiple international teams; commitment to working as a team player across Business Areas and Divisions.
- Defining security and privacy requirements for Roche products, medical devices or health/clinical solutions both in the cloud and on-premises during all product software development lifecycle.
- Contributing to the development and support implementation of security and privacy risk management framework across the product lifecycle.
- Supporting in the definition, implementation and maintenance of product security and privacy control measures for a product or platform, considering changes in technology, regulations and customer needs.
- Managing vulnerabilities at all technology layers during pre and post market activities of the product or platform, making sure they are fixed in a timely manner.
- Supporting the security testing activities (SCA, SAST, DAST, IAC, etc.) for a given product, helping to automate execution and deliverables and support on the remediation activities.
- Conducting planning and coordination of external security testing activities (verification & validation) and remediation plans (e.g. pentest).
- Supporting security incident response and forensic activities working directly with the Roche Intelligence and Defense teams.
Roche is a global leader in pharmaceuticals and diagnostics. It develops medicines and diagnostic tools that help detect, monitor, and treat diseases, using research and biotechnology to drive new therapies and tests. Roche combines drug development with in-house diagnostic products to support personalized medicine, where treatments are tailored to individual patients based on test results. Its approach differs from many peers by integrating drug discovery with diagnostic capabilities and by expanding its research through strategic acquisitions (like Genentech) to strengthen its biotechnology and R&D capabilities. The company’s goal is to improve patient outcomes and healthcare worldwide by delivering reliable medicines, accurate diagnostic tests, and data-driven care.
Company Size
1-10
Company Stage
IPO
Headquarters
Basel, Switzerland
Founded
1896
Simplify's Take
What believers are saying
- CT-388 targets double-digit share in obesity market alongside Novo Nordisk and Lilly.
- PathAI $750M acquisition scales AI digital pathology globally by late 2026.
- Elecsys pTau217 Alzheimer's blood test launches in CE markets from July 2026.
What critics are saying
- Rituxan patent expiry lets Sandoz biosimilars slash 40% lymphoma share in 6-12 months.
- Swiss franc 12% rise compresses US 55% revenues as hedges expire in 6-18 months.
- US IRA forces 60-80% discounts on Herceptin, Avastin from 2028, cutting $4B cashflow.
What makes Roche unique
- Roche integrates pharmaceuticals and diagnostics via 1991 PCR acquisition from Cetus.
- 1990 Genentech majority stake pioneered oncology antibodies like Herceptin and Rituxan.
- Personalized healthcare strategy couples diagnostics to targeted therapies since 2009 full acquisition.
Help us improve and share your feedback! Did you find this helpful?
Benefits
Performance Bonus
Company News
SAGA, providing cancer companion diagnostic testing of tissue and non-invasive monitoring of circulating tumor dna (ctdna). Here you'll find information about their funding, investors and team.
Roche has received CE mark approval for its Elecsys Neurofilament Light Chain blood test to detect neuroinflammation in adults with relapsing remitting multiple sclerosis. The test measures NfL, a protein released during nerve cell injury, providing insight into neuroaxonal damage associated with the disease. Multiple sclerosis affects over 2.9 million people worldwide. Whilst early and regular monitoring is critical, patients often struggle to access routine MRI scans. The minimally invasive blood test offers a more accessible alternative, complementing clinical assessments and potentially enabling earlier intervention. The test runs on Roche's widely available cobas instruments, delivering standardised results and requiring only a simple blood sample. This reduces the need for patients to travel to specialist centres, making frequent monitoring more practical where traditional testing faces geographic, financial or logistical barriers.
Roche has partnered with C4 Therapeutics to develop degrader-antibody conjugates (DACs), marking a $20 million upfront payment with potential milestone payments exceeding $1 billion. The collaboration targets cancer therapeutics using C4's Torpedo platform. DACs represent a next-generation approach to antibody-drug conjugates (ADCs). Whilst ADCs attach cytotoxic drugs to antibodies, DACs use targeted protein degradation payloads to selectively eliminate specific proteins within cancer cells, potentially reducing toxicity and drug resistance whilst accessing previously difficult targets. Amongst Korean listed companies, Orum Therapeutics leads DAC development, having licensed ORM-6151 to Bristol Myers Squibb in 2023. Y-Biologics partnered with Ubix Therapeutics, whilst Oscotec is developing three DAC pipelines through subsidiary Genosco, targeting technology transfers after 2028.
Roche has received FDA 510(k) clearance for its cobas c703 and cobas ISE neo analytical units, designed to enhance laboratory efficiency through increased automation and testing capacity. The units are part of Roche's cobas pro integrated solutions platform. The cobas c703 delivers up to 2,000 tests per hour with 70 reagent positions, doubling clinical chemistry throughput whilst reducing reagent reloads. The cobas ISE neo provides up to 1,800 tests per hour with automated maintenance, reducing hands-on time and plastic waste compared to previous systems. Both units feature monthly operator maintenance to improve uptime and help laboratories address staffing shortages and growing test volumes. Roche has over 4,000 cobas analysers installed across the United States.
Roche has launched the cobas MPX-E assay, a four-in-one donor screening test that simultaneously detects HIV, Hepatitis C, B and E viruses. The test is now available in countries accepting the CE mark. The assay consolidates detection of four major viral targets into a single workflow, improving laboratory efficiency and reducing costs. It features dual-target detection for HIV-1 and enhanced sensitivity for Hepatitis E, which causes an estimated 20 million infections and 70,000 deaths annually worldwide. The test runs on Roche's fully automated cobas x800 systems, which process over 10 million tests monthly across laboratories globally. The ready-to-load reagents enable up to eight hours of walk-away time. The nucleic acid testing blood screening market is valued at approximately 800 million Swiss francs globally, with an expected annual growth rate of 2% through 2029.