Senior Cybersecurity Analyst - Policy Based Access
Roche
This listing was originally posted on Roche's careers page. Formulate is an equal opportunity job aggregator and is not involved in the hiring process. Where salary information is estimated, it is derived from BLS industry benchmarks and may differ from actual compensation.
Upgrade to Pro to access the AI-generated 'Read before applying' briefing and other premium pharma intelligence.
Upgrade to Pro — $25/moAt Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
Senior Cybersecurity Analyst - Policy Based Access
As part of Roche Digital Technology (RDT), our Identity and Access Management (IAM) team protects the organization’s global digital assets by developing and operating sophisticated security platforms. We work at the forefront of identity governance, fine-grained authorization, and hybrid cloud security to support users and business-critical systems in a highly regulated global healthcare ecosystem.
As a Senior Cybersecurity Analyst - Policy Based Access, you will be part of a global team responsible for the design, implementation, and lifecycle management of our Policy Based Access Control (PBAC) infrastructure. You will play a critical role in protecting our information and assets by moving beyond traditional access models toward a dynamic, fine-grained authorization framework that supports our global Zero Trust strategy. In this role, you will act as a trusted advisor to global application owners, ensuring that our security policies are scalable, resilient, and deployed seamlessly through automated code pipelines.
The Opportunity
Architect PBAC Infrastructure: Serve as the technical owner of core PBAC components (PDP/PEP) across a hybrid global landscape, ensuring high availability and peak performance.
Drive Strategic Implementation: Lead the enterprise transition from initial access use cases to global adoption, defining organization-wide standards for policy-based authorization.
Consult on Integration Pathways: Act as the primary technical consultant for application and data owners, integrating critical systems via RESTful APIs, SQL/JDBC, and LDAP.
Pioneer Policy as Code (PaC): Drive the shift to PaC by designing automated pipelines for versioning, testing, and deploying authorization logic like modern software.
Manage Platform Lifecycles: Own the tactical lifecycle of the authorization platforms, including version upgrades, continuous performance tuning, and security patching.
Lead Incident Analysis: Conduct deep-dive analytical investigations and root cause analysis into moderately complex cybersecurity incidents, threat patterns, and vulnerabilities.
Streamline Asset Onboarding: Optimize and accelerate onboarding processes for new digital assets while ensuring strict alignment with international data privacy regulations like GDPR.
Collaborate Across Product Squads: Partner closely with product managers, developers, and global stakeholders to build secure, user-friendly, and friction-free PBAC workflows.
Who you are
Experienced Security Professional: You bring 4–9 years of professional experience in IT Security, including 3+ years specifically focused on IAM and PBAC/ABAC in large enterprise environments.
Technical Security Master: You possess advanced, deep-level knowledge of XACML, decentralized policy management, and Zero Trust frameworks (RBAC and ABAC).
Identity Foundations Expert: You are highly proficient in core identity standards, including SAML, OAuth, OIDC, Single Sign-On (SSO), and Identity Governance and Administration (IGA).
DevOps & Integration Developer: You are skilled in Java or Python for custom integrations, with practical experience utilizing Git and CI/CD pipelines for secure code deployment.
Educated Professional: You hold a Bachelor’s or Advanced degree in Computer Science, Cyber Security, Information Technology, or a related field (or equivalent professional experience).
Analytical Problem Solver: You have advanced logical reasoning skills to identify security discrepancies, analyze technology fit, and propose strategically aligned controls.
Global Collaborator & Mentor: You are fluent in English, experienced in working within Agile matrixed global environments, and skilled at mentoring colleagues and managing Managed Service Providers (MSPs).
Ready to bring your unique qualities to Roche and make an impact? Apply now and join us in our mission to shape the future of healthcare.
#RDT2026
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.
Explore related positions you might be interested in
We'll notify you when matching roles are posted.
Interviewed at Roche?
Help others prepare — share your experience anonymously.
PHARMACEUTICAL
Small Molecules & Diagnostics
Upgrade to Pro to access AI interview prep brief and other premium pharma intelligence.
Upgrade to Pro — $25/mo