Cybersecurity Engineer for Edge Network Security

Roche

Job Location:

Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: 9 hours ago
Vacancies: 1 Vacancy

Job Summary

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted, and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop, and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Description of the area

The Network & Perimeter Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud Infrastructure and Incident Response teams to provide enterprise visibility into Roche's network security posture.

You'll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions: designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control, and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.

Job description

As a Senior Cybersecurity Engineer (Edge Defense), you will play a pivotal role in the end-to-end lifecycle of our perimeter and cloud security products. Your primary focus will be the global engineering, adoption, and optimization of our Edge security stack, including Next-Generation Firewalls (NGFW), DDoS mitigation, and Zero Trust Network Access (ZTNA). You are a technical implementer responsible for designing robust, high-availability architectures that protect our global network from external threats while enabling secure, seamless access to multi-cloud environments. By leveraging an Automation-First mindset, you will transform traditional perimeter controls into scalable, code-driven security services, ensuring Roche's digital boundaries remain resilient in an evolving threat landscape.

Job responsibilities

1. Edge Architecture & Engineering

  • Perimeter Defense Mastery: Lead the end-to-end deployment, configuration, and maintenance of Next-Generation Firewalls (Palo Alto, Fortinet), ensuring high availability (Active/Active & Active/Passive) and optimal inspection performance across global entry points.

  • Zero Trust Transition: Architect and implement ZTNA solutions to move beyond legacy VPNs, focusing on granular application-level access and identity-aware security policies.

  • Multi-Cloud Network Security: Engineer and manage cloud-native security controls within AWS, Azure, and GCP, ensuring consistent security posture across hybrid and multi-cloud environments.

  • DDoS & Threat Mitigation: Design and refine DDoS protection strategies and automated threat prevention policies (SSL decryption, IPS/IDS) to shield critical infrastructure from sophisticated external attacks.

2. Product Lifecycle & Evolution

  • Lifecycle Governance: Oversee the delivery of Edge solutions from initial design through build, global rollout, and continuous optimization, ensuring that all security controls are reliable, scalable, and documented.

  • Edge Innovation: Proactively identify emerging trends in Edge computing and SASE (Secure Access Service Edge) to inform the product roadmap and maintain a competitive advantage in network defense.

3. Operational Excellence & Visibility

  • Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, performing deep-packet analysis and root-cause investigations to implement long-term architectural fixes.

  • Security Observability: Develop advanced monitoring dashboards and telemetry to provide real-time visibility into edge traffic patterns, attack surfaces, and the health of the security stack.

  • Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.

  • Self-Service & Enablement: Build and maintain automated workflows and APIs that allow internal dev teams to consume edge security services (e.g., automated firewall rule requests) autonomously and securely.

  • On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.

Qualifications

Education / Experience

  • Educational Background: Bachelor's degree in Computer Science, Software Engineering, Information Security, or a related technical field.

  • Perimeter Security Mastery: 5 years of hands-on experience in designing and managing enterprise-grade Firewall environments (specifically Palo Alto and/or Fortinet).

  • Cloud Security Expertise: Proven track record of implementing network security controls in at least two major cloud providers (AWS, Azure, or GCP).

  • Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including TLS inspection, User identification, WildFire, Threat Prevention, URL Filtering, and GlobalProtect.

  • Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.

  • Large-Scale Infrastructure: Experience managing security controls in complex global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).

  • Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.

Technical Skills

  • NGFW Expert: Expert-level knowledge of Palo Alto and/or Fortinet platforms, including advanced threat prevention, SSL decryption, and high-availability design.

  • DDoS Mitigation: Experience managing specialized DDoS protection services (e.g., Akamai, Cloudflare, or F5).

  • ZTNA & Remote Access: Proficiency in modern Zero Trust architectures and SASE frameworks (e.g., Zscaler, Prisma Access).

  • Multi-Cloud Networking: Strong understanding of cloud networking components (VPCs, VNETs, Transit Gateways, Cloud Firewalls).

  • Network Foundations: Deep understanding of core protocols (BGP, OSPF, DNS, TLS/SSL) and how they intersect with security enforcement.

Skills below will be considered a plus:

  • Vendor certifications: Fortinet NSE or Palo Alto Networks PCNSA

  • PCNSE or Cisco CCNP Security

  • Cybersecurity certification: CISSP

  • Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations.

  • Scripting & Integration: Strong skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools.

  • DDoS Mitigation: Experience managing specialized DDoS protection services (e.g., Akamai, Cloudflare, or F5).

  • Governance Frameworks: Familiarity with NIST, ISO 27001, and FAIR data principles.

Leadership Skills

  • Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.

  • Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.

  • Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.

  • Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle.

Additional Qualifications

  • Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques

  • Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks

  • Demonstrated interpersonal and collaborative skills and a commitment to operational excellence

Who we are

A healthier future drives us to innovate. Together, more than 100,000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let's build a healthier future together.

Roche is an Equal Opportunity Employer.


Required Experience:

IC


About Company


F. Hoffmann-La Roche AG is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics. Its holding company, Roche Holding AG, has bearer shares listed on the SIX Swiss Exchange. The company headquarters are located in Basel.
