Cybersecurity Engineer for Edge Defense (Cloud)

Roche


Job Location:

Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: 2 days ago
Vacancies: 1 Vacancy

Job Summary

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted, and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop, and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The Network Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud Infrastructure and Incident Response teams to provide enterprise visibility into Roche's network security posture.

You'll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions: designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control, and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.

As a Cybersecurity Engineer for Cloud & Edge Defense, you will be the primary architect and engineer responsible for the security of our global digital boundaries and multi-cloud ecosystems. Your mission is to secure our front door by designing and implementing high-performance traffic inspection solutions across AWS, GCP, and Azure, using Palo Alto VM-Series as the central pillar. This is a technical implementer role where you will architect, design, build, and operate cloud network security infrastructure. You will bridge the gap between traditional network security and cloud-native architectures, leveraging Terraform and Python to deploy security as code. Your goal is to ensure that our global cloud expansion remains resilient, compliant, and protected against machine-speed threats.

Responsibilities

1. Architecture & Design

  • Multi-Cloud Infrastructure Design: Design and develop robust cloud network infrastructure across AWS, GCP, and Azure, leveraging Palo Alto instances as the central solution for deep traffic inspection.

  • Solution Blueprints: Create detailed cloud network diagrams, design documents, and implementation plans for new cloud-native and hybrid security architectures.

  • Architectural Collaboration: Partner closely with network and cloud architects to integrate firewall solutions seamlessly into the existing global network fabric.

2. Product Lifecycle & Evolution

  • Advanced Palo Alto Engineering: Execute advanced configuration and management of Palo Alto solutions (VM-Series, Panorama), including complex upgrades and migrations in production environments.

  • Cloud Programming: Leverage a deep understanding of cloud vendor network infrastructures to configure, program, and deploy security solutions via automated pipelines.

  • Feature Enforcement: Implement and manage App-ID, User-ID, WildFire, Threat Prevention, SSL Decryption, and GlobalProtect to enforce a Zero Trust posture.

3. Operational Excellence & Visibility

  • Technical Subject Matter Expertise: Troubleshoot complex network and security issues related to cloud-native routing, load balancing, and firewall inspection within multi-cloud environments.

  • Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.

  • Continuous Evolution: Stay current with emerging threats, cloud-specific vulnerabilities, and evolving security technologies to proactively refine our defense-in-depth strategy.

  • On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.

Qualifications

Education / Experience

  • Educational Background: Bachelor's degree in Computer Science, Software Engineering, Information Security, or a related technical field.

  • Cloud Security Expertise: Proven track record of implementing network security controls in at least two major cloud providers (AWS, Azure, or GCP).

  • Security Foundation: 3 years of experience in designing, deploying, and supporting Next-Generation Firewalls (NGFW) with a strong networking background.

  • Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including TLS inspection, User identification, WildFire, Threat Prevention, URL Filtering, and GlobalProtect.

  • Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.

  • Large-Scale Infrastructure: Experience managing security controls in complex global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).

  • Regulated Industry: Experience working in highly regulated environments (e.g. Pharmaceuticals, Healthcare, or Finance) is a significant plus.

Technical Skills

  • NGFW Expert: Expert-level knowledge of Palo Alto and/or Fortinet platforms, including advanced threat prevention, TLS inspection, and high-availability design.

  • Multi-Cloud native skills: Proficient in configuring cloud-specific network components (VPCs, VNETs, Transit Gateways, Load Balancers) across AWS, Azure, and GCP.

  • Network Foundations: Deep understanding of core protocols (BGP, OSPF, DNS, TLS/SSL) and how they intersect with security enforcement.

  • Foundational Security: Solid understanding of security concepts, trends, and best practices, with experience operating in validated (GxP) environments.

Skills below will be considered a plus:

  • Vendor certifications: Palo Alto Networks PCNSE, AWS Certified Security, Azure Security Engineer Associate.

  • Cybersecurity certification: CISSP

  • Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations.

  • Scripting & Integration: Strong skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools.

Leadership Skills

  • Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.

  • Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.

  • Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.

  • Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle.

Additional Qualifications

  • Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques.

  • Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks.

  • Demonstrated interpersonal and collaborative skills and commitment to operational excellence.

Who we are

A healthier future drives us to innovate. Together, more than 100,000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let's build a healthier future together.

Roche is an Equal Opportunity Employer.


Required Experience:

IC

About Company

F. Hoffmann-La Roche AG is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics. Its holding company, Roche Holding AG, has bearer shares listed on the SIX Swiss Exchange. The company headquarters are located in Basel.