Cybersecurity Engineer for Network Security
Job Summary
At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue and genuine connections where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
The Network Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect and mitigate network-based risks, manage regulatory compliance and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud Infrastructure and Incident Response teams to provide enterprise visibility into Roche's network security posture.
You'll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions: designing, building and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
As the Subject Matter Expert (SME) for Network Security you will lead the Design, Build and Improvement of critical security infrastructures, specifically focusing on Cisco ISE, Wired Access Control (WAC) and Palo Alto Networks. This is a dual-impact role: you are the technical authority for the secure access layer while simultaneously leading the engineering of a custom observability framework. You will develop the front-end, back-end and integration logic required to provide deep visibility into security product health and asset inventory.
Job Responsibilities
1. SME: Secure Access (ISE, WAC, Palo Alto)
Design & Architecture: Lead the high-level and low-level design (HLD/LLD) for global Cisco ISE deployments and Wired Access Control (WAC) strategies to ensure seamless identity-based security.
Palo Alto SME: Serve as the primary engineer for Palo Alto NGFW architectures, including advanced threat prevention, decryption and secure egress/ingress traffic management.
Continuous Improvement: Proactively identify gaps in the current security posture and implement technical enhancements to NAC policies, SGT (TrustSec) propagation and firewall rule-sets.
Build & Implementation: Act as the lead implementer for complex global migrations and new feature rollouts across the network security stack.
2. Observability Framework Engineering
Full-Stack Development: Architect and develop a custom framework (front-end and back-end) to provide a single pane of glass for infrastructure health.
Inventory & Integration: Build automated integrations with external data sources (CMDB, IPAM, etc.) to maintain a real-time, dynamic inventory of all network assets and security nodes.
Telemetry Logic: Design custom logic to ingest and visualize telemetry from ISE, WAC and Palo Alto using APIs, SNMP and Syslog.
3. Operational Excellence & Visibility
Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, providing root-cause analysis and implementing long-term, automated architectural fixes.
Security Observability: Develop dashboards and reporting to provide real-time visibility into the connected landscape, identifying insecure nodes or unauthorized devices before they can affect the network.
Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead and ensure consistent, high-speed security enforcement.
Self-Service & Enablement: Design and build self-service capabilities that empower internal teams to consume network security controls autonomously and securely.
Qualifications
Education / Experience
Educational Background: Bachelor's degree in Computer Science, Software Engineering, Information Security or a related technical field.
Network Access Control Mastery: 3 years of hands-on experience in designing, implementing and managing enterprise-grade NAC solutions, specifically Cisco ISE.
Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including SSL decryption and threat prevention.
Automation Engineering: Proven experience using Ansible, Terraform or Python to manage network security infrastructure at scale.
Large-Scale Infrastructure: Experience managing security controls in complex global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
Regulated Industry: Experience working in highly regulated environments (e.g. Pharmaceuticals, Healthcare or Finance) is a significant plus.
Technical Skills
Cisco ISE Specialist: Expert-level knowledge of Cisco ISE, including hands-on experience with TrustSec, Dot1x, MAB and Profiling.
Coding & Integration: Strong scripting skills in Python, PowerShell or Bash to develop self-service tools and custom API integrations between security platforms.
API & Integration: Deep experience with REST APIs for integrating security platforms with external information sources.
Segmentation Technologies: Proficiency in network virtualization and segmentation techniques (such as TrustSec SGTs or VRFs) applied to security use cases.
Palo Alto Mastery: Proven track record in deploying and troubleshooting Palo Alto Firewalls in complex HA environments (Active/Active and Active/Passive).
Network Foundations: Deep understanding of RADIUS, TACACS and core routing/switching as they relate to security enforcement.
Monitoring Stack: Advanced knowledge of LogicMonitor, Splunk or similar tools, specifically for creating custom DataSources and Dashboards.
Architectural Mindset: Ability to design Defense in Depth flows that connect device identity to granular network permissions.
Skills below will be considered a plus:
Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to design and manage reproducible, version-controlled network security configurations.
Engineering & Orchestration: Proven ability to build CI/CD pipelines and automated workflows that streamline cross-platform security operations and eliminate manual friction.
Enterprise Networking: Solid foundation in enterprise networking (L2/L3), including advanced knowledge of routing protocols (BGP, OSPF) and switching (VLANs, VXLAN) to ensure seamless security policy integration.
Leadership Skills
Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the NAC product lifecycle.
Additional Qualifications
Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques.
Strong facilitation, communication and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks.
Demonstrated interpersonal and collaborative skills and a commitment to operational excellence.
Who we are
A healthier future drives us to innovate. Together, more than 100,000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity and keep our ambitions high so we can deliver life-changing healthcare solutions that make a global impact.
Let's build a healthier future together.
Roche is an Equal Opportunity Employer.
Required Experience:
IC
About Company
F. Hoffmann-La Roche AG is a Swiss multinational healthcare company that operates worldwide under two divisions: Pharmaceuticals and Diagnostics. Its holding company, Roche Holding AG, has bearer shares listed on the SIX Swiss Exchange. The company headquarters are located in Basel.