Roche
Pharmaceuticals
CybersecurityEngineerforInternalNetworkDefense
Neural analysis suggests this role is
optimal for Senior candidates.
“Cybersecurity Engineer for Internal Network Defense at Roche. Skills: Palo Alto, Fortinet, Network Security, Automation. Design, develop and document network segmentation architectures. Explore and integrate AI opportunities”
What You'll Achieve.
Prevent lateral movement; Secure diverse environments; Ensure internal network is resilient, compliant, and prepared for machine-speed threats; Meet complex business and security requirements; Identify emerging security risks; Ensure machine-driven policy changes remain within safe, predictable parameters; Ensure zero-downtime transitions in critical environments; Implement long-term architectural fixes; Ensure compliance with manufacturing and healthcare regulations; Proactively refine internal defenses; Eliminate manual friction; Reduce operational overhead; Ensure consistent, high-speed security enforcement; Provide enterprise visibility into Roche’s network security posture; Identify, inspect, and mitigate network-based risks; Manage regulatory compliance; Oversee egress/ingress traffic across all layers; Protect Roche networks and the Internet; Continuous improvement of capabilities
Industry & Context.
Identify latent risks; Perform deep-packet analysis; Root-cause investigations; Translate high-level security requirements into functional network policies
On-call support on a rotating schedule
What They're Looking For.
Must Have
3+ years of experience in designing, deploying, and supporting Next-Generation Firewalls (NGFW) in large enterprise environments., Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale., Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate)., Deep knowledge of PA-Series, Panorama, App-ID, User-ID, WildFire, and Threat Prevention., Extensive hands-on experience with FortiGate, FortiManager, FortiAnalyzer, and the Fortinet Security Fabric., Solid understanding of security concepts, trends, and best practices, specifically for "Defense in Depth" within internal networks., Foundation in core routing/switching, VPN architectures, and network protocols.
Nice to Have
Experience working in highly regulated environments (e. g. , Pharmaceuticals, Healthcare, or Finance)., Fortinet NSE 4-8 or Palo Alto Networks: PCNSA PCNSE, Cisco CCNP, CISSP, Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations., Skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools., Familiarity with NIST, IEC 62443, ISO 27001, and FAIR data principles., Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques, Facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks, Demonstrated interpersonal, collaborative and commitment to operational excellence skills.
What You'll Do.
develop and document network segmentation architectures
Explore and integrate AI opportunities
Define and establish boundaries for automated workflows
Create network diagrams and design documents
Utilize Panorama and FortiManager
Lead migration and upgrade of firewall infrastructure
Serve as lead engineer for escalations
Apply security best practices in GxP environments
Stay current with emerging threats
Manage security policies as code
Improve automation workflows and orchestration
Ensure continuous availability and integrity of security services
How You'll Work.
Team & Collaboration
Work closely with Cloud, Infrastructure, and Incident Response teams; Build trust with network and infrastructure experts; Ensure alignment across multiple product squads and complex stakeholder networks
Communication Scope
Ability to explain complex security policy concepts to non-technical stakeholders; Facilitation skills; Communication skills
Process & Methodology
Manage technical workstreams from concept to production
Full Job Description
At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. ### ### The Position The******Network & Perimeter Security****** product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture. You’ll be working within the **Network Security Product** area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, **DDoS Protection , Site-to-Site Connectivity (VPN)**, Network Access Control and******Deep Packet Inspection****** to stay ahead of an ever-evolving threat landscape. **Job description** As a Senior Cybersecurity Engineer for Internal Network Defense, you will be the primary guardian of our internal environment, protecting our most sensitive segments—from manufacturing plants and research labs to warehouses and corporate offices. Your mission is to architect and enforce robust "East-West" segmentation, preventing lateral movement and securing the diverse environments that drive our co
Applying for this Cybersecurity Engineer for Internal Network Defense role?
Most applicants get filtered before a human reads their resume. See if yours makes the cut.
How to Apply on Workday
- Workday has a multi-step form — save your progress after every section.
- "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
- Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
- Job requisition numbers are useful when following up with HR by email.
ANONYMOUS · UNFILTERED
What do employees actually say about Roche?
Real rants from real employees. Read before you apply.