Security Engineer – Vulnerability & Exposure Management

About the role

The Global Security Monitoring and Incident Response (MIR) team at Roche is seeking a Security Engineer to join the Vulnerability and Exposure Management team. You will protect sensitive data, defend systems and web applications, and help build future security capabilities.

Key responsibilities

• Triage, investigate, and respond to critical vulnerabilities affecting Roche.
• Evaluate and prioritize vulnerabilities discovered through scanning tools and the bug‑bounty program.
• Research emerging vulnerabilities and develop methods to confirm exploitability against our attack surface.
• Communicate risk and collaborate with system owners and stakeholders to mitigate security issues.
• Assess company systems and web applications using both automated and manual techniques.
• Maintain, improve, and engineer scanning, detection, and automation solutions.
• Participate in security monitoring for a global environment.

Required profile

• Associate degree in a relevant field or 5+ years of experience in information security.
• Proven ability to triage, analyze, and escalate security vulnerabilities.
• Experience with attack surface management in a large, global environment.
• Programming experience with Python, Node.js, and JavaScript, plus familiarity with AI‑assisted code development.
• Strong focus on web application, network, and computer security, including basic exploit development.
• Contributions to open‑source security projects and custom detection logic.
• Hands‑on cloud security experience.
• Excellent communication skills and fluency in English.
• Preferred certifications: OSCP, GWAPT, OSWE.

Required skills

• Python
• Node.js
• JavaScript
• Attack surface management
• Vulnerability scanning tools
• Bug‑bounty program handling
• Cloud security
• Automation and detection engineering
• Web application security
• Network security
• Exploit validation