罗氏促进多元化、公平性和包容性，代表我们所服务的社区。在全球范围内处理医疗保健问题时，多元化是成功的关键因素。我们认为，包容性是理解人们不同医疗保健需求的关键。我们共同拥抱个性，共同抱持对卓越护理的热情。加入罗氏，每个声音都会得到重视。

职位

The Opportunity

In the position of Principal DevSecOps Engineer you will join the China Digital Platform team and will be part of the Cloud security team.

As a Cloud Security Engineer with good experience in monitoring and improving DevSecOps tools and processes, you will automate routine tasks and improve system reliability.

You will also play a critical role in providing technical support for day-to-day security operations, security tool integration, automation support, change management and business continuity programs.

You will:

1.Ali Cloud topology and Security Services:

*
Demonstrated expertise and working knowledge of the Alibaba Cloud and its security services.

*
Ability to understand and navigate the various security features and controls offered by Alibaba Cloud.

2.Security and Compliance Requirements:

*
Collaborate with the team to define and implement security and compliance requirements for our Ali Cloud landing zone and organization.

*
Ensure adherence to industry standards and best practices while considering the specific needs of operating in China.

*
Stay updated with the latest security trends and technologies in the Alibaba Cloud ecosystem.

3.Security Event Capturing and Management:

*
Architect and implement a robust security event capturing and log management system (SIEM).

*
Monitor logs, security vulnerabilities, and threats to proactively identify and respond to potential security incidents.

*
Develop processes to generate timely and accurate security alerts for effective incident response.

4.Automation and Collaboration:

*
Automate the process of sending security alerts to Security Champions of each product.

*
Collaborate with cross-functional teams to ensure prompt and coordinated response to security incidents.

5.Tool Evaluation and Implementation:

*
Identify, define, conduct Proof of Concept (PoC), and enable/implement tools to secure Alibaba Cloud accounts.

*
Evaluate and recommend appropriate security tools and technologies based on specific requirements.

6.Identify, integrate, monitor and improve infosec controls by understanding business processes.

7.Assist with complex projects and automation of day to day security operations to improve SLA

8.Experience with container and container orchestration technologies Docker and Kubernetes

Who you are

You’re looking for a challenge where you have the opportunity to pursue your interests across functions and geographies. Where your passion for technology, delivery, reliability, and operational excellence will impact the lives of patients fighting cancer and many other disease areas in the future.

You have a degree in computer science, engineering, or other related fields, or equivalent experience. You bring experience working in a multicultural environment and proven cultural awareness.

You have extensive experience with automation in CI/CD tools, methods and processes, including development of multi-environment pipelines (e.g., Jenkins, GitLab CI/CD,...), and Containerization/Orchestration, including Docker & Kubernetes.

And you have a strong understanding of key security concepts like WAF, Application security, network security and Identity access management.

Job-related Experience

*
3+ years related technical experience in Product Security Architecture or Engineering

*
5+ years of related work experience in cloud platforms: Ali Cloud

*
Design, implement, support and evaluate security-focused tools, vulnerability management tools and services.

*
Demonstrated experience in one or more programming languages (preferably Python)

*
Conduct periodic Vulnerability assessment. Participate in incident handling and other related duties to support the information security function.

*
Nice to have experience in industry standard tools like Splunk, jFrog, GitLab, Prisma, HashiCorp Vault, Tenable (Nessus scanner)

Furthermore, you bring:

*
Very good interpersonal skills, a team player attitude and mindset, and you like bringing others up to speed on technology

*
Demonstrated ability to adapt to new technologies and learn quickly

*
Effective at engaging with teams in various functions and across different levels

*
Strong organizational skills and ability to prioritize and manage multiple projects simultaneously

*
You have experience with automation for infrastructure deploy/manage - terraform, cloudformation, resource manager or similar

*
Industry recognized certifications provided by GIAC, ISACA, ISC2

*
Cloud Security Certifications relevant to Ali Cloud Security certifications would be ideal.

*
Healthcare software experience preferred

*
Experience with clinical workflow solutions or in a clinical environment is a plus.

Following technical will be an asset:

*
Python design patterns, OO programming

*
Experience in Cloud Security and Serverless Architectures

*
Experience in developing command-line and standalone applications

*
Infrastructure-as-Code and related tools (CDK / Terraform / Terragrunt / CI / CD )

*
SDLC and Agile methodologies

我们是谁

在罗氏，来自100个国家的100，000名员工不断推动着健康医疗行业的进步。我们一同工作，使罗氏成为了世界领先的以研发为基础的健康医疗集团。我们的成功源于创新、求知和多元化，也源于我们把相互间的差异作为一种优势。为了革新医疗健康领域，罗氏设定了远大的计划，坚持学习和发展，并不断寻找与之志同道合的伙伴。

罗氏提供平等的职业发展机会。

其他信息

行业要求：全部行业
所属部门：--请选择部门--