Cybersecurity Engineer for Internal Network Defense

Roche


Job Location:

Madrid - Spain

Monthly Salary: Not Disclosed
Posted on: 5 days ago
Vacancies: 1 Vacancy

Job Summary

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The Network & Perimeter Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect and mitigate network-based risks, manage regulatory compliance and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud Infrastructure and Incident Response teams to provide enterprise visibility into Roche's network security posture.

You'll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions: designing, building and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.

Job description

As a Senior Cybersecurity Engineer for Internal Network Defense, you will be the primary guardian of our internal environment, protecting our most sensitive segments, from manufacturing plants and research labs to warehouses and corporate offices. Your mission is to architect and enforce robust East-West segmentation, preventing lateral movement and securing the diverse environments that drive our core business. This is a technical implementer role where you will architect, design, build and operate high-performance security boundaries using a dual-vendor strategy (Palo Alto and Fortinet). Beyond traditional enforcement, you will champion the adoption of AI-driven insights to identify latent risks and define the safe boundaries for automated security workflows, ensuring our internal network is resilient, compliant and prepared for machine-speed threats.

Job responsibilities

Architecture Design & AI Ambition

  • Segmentation Strategy: Design, develop and document robust network segmentation architectures, leveraging Fortinet and Palo Alto firewalls to meet complex business and security requirements.

  • AI-Driven Risk Discovery: Actively explore and integrate AI opportunities to analyze internal traffic patterns and identify emerging security risks within complex Manufacturing and Lab environments.

  • Automated Guardrails: Define and establish clear boundaries and governance for automated workflows, ensuring that machine-driven policy changes remain within safe, predictable parameters.

  • Solution Blueprints: Create detailed network diagrams, technical design documents and implementation plans for new segmentation environments (Labs, Manufacturing, Research).

Implementation & Deployment

  • Firewall Engineering: Configure, deploy and manage Palo Alto Networks (PA-Series, VM-Series) and Fortinet FortiGate firewalls at scale.

  • Centralized Management: Utilize Panorama and FortiManager to enforce consistent security policies, NAT rules, VPNs (IPSec/SSL) and advanced routing features.

  • Infrastructure Evolution: Lead the migration and upgrade of existing internal firewall infrastructure, ensuring zero-downtime transitions in critical environments.

Operational Excellence & Visibility

  • Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, performing deep-packet analysis and root-cause investigations to implement long-term architectural fixes.

  • Validated Environments: Apply security best practices within validated (GxP) environments, ensuring compliance with manufacturing and healthcare regulations.

  • Continuous Improvement: Stay current with emerging threats, vulnerabilities and security technologies to proactively refine internal defenses.

  • Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead and ensure consistent, high-speed security enforcement.

  • On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.

Qualifications

Education / Experience

  • Educational Background: Bachelor's degree in Computer Science, Software Engineering, Information Security or a related technical field.

  • Professional Experience: 3 years of experience in designing, deploying and supporting Next-Generation Firewalls (NGFW) in large enterprise environments.

  • Automation Engineering: Proven experience using Ansible, Terraform or Python to manage network security infrastructure at scale.

  • Large-Scale Infrastructure: Experience managing security controls in complex global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).

  • Regulated Industry: Experience working in highly regulated environments (e.g. Pharmaceuticals, Healthcare or Finance) is highly preferred.

Technical Skills

  • Palo Alto Mastery: Deep knowledge of PA-Series, Panorama, App-ID, User-ID, WildFire and Threat Prevention.

  • Fortinet Expertise: Extensive hands-on experience with FortiGate, FortiManager, FortiAnalyzer and the Fortinet Security Fabric.

  • Security Foundations: Solid understanding of security concepts, trends and best practices, specifically for Defense in Depth within internal networks.

  • Networking Depth: Strong foundation in core routing/switching, VPN architectures and network protocols.

Skills below will be considered a plus:

  • Vendor certifications: Fortinet NSE 4-8 or Palo Alto Networks: PCNSA, PCNSE, Cisco CCNP

  • Cybersecurity certification: CISSP

  • Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations.

  • Scripting & Integration: Strong skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools.

  • Governance Frameworks: Familiarity with NIST, IEC 62443, ISO 27001 and FAIR data principles.

Leadership Skills

  • Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.

  • Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.

  • Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.

  • Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle.

Additional Qualifications

  • Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques

  • Strong facilitation, communication and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks

  • Demonstrated interpersonal and collaborative skills and a commitment to operational excellence.

Who we are

A healthier future drives us to innovate. Together, more than 100,000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let's build a healthier future together.

Roche is an Equal Opportunity Employer.


Required Experience:

IC

About Company

F. Hoffmann-La Roche AG is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics. Its holding company, Roche Holding AG, has bearer shares listed on the SIX Swiss Exchange. The company headquarters are located in Basel.
