Roche

Pharmaceuticals

Cybersecurity Engineer for Network Security

Madrid, Spain · Full Time · Remote Friendly

The Brief

“Cybersecurity Engineer for Network Security at Roche. Skills: Cisco ISE, Palo Alto Networks, Automation Engineering, Observability Framework. Lead high-level and low-level design for Cisco ISE deployments. Lead high-level and low-level design for Wired Access Control strategies”

What You'll Achieve.

Provide enterprise visibility into Roche’s network security posture; Identify, inspect, and mitigate network-based risks; Manage regulatory compliance; Oversee egress/ingress traffic across all layers; Protect Roche networks and the Internet; Stay ahead of an ever-evolving threat landscape; Provide a 'single pane of glass' for infrastructure health; Maintain a real-time, dynamic inventory of all network assets and security nodes; Provide real-time visibility into the 'connected landscape'; Identify insecure nodes or unauthorized devices before they can affect the network; Eliminate manual friction; Reduce operational overhead; Ensure consistent, high-speed security enforcement; Empower internal teams to consume network security controls autonomously and securely

Industry & Context.

Pharmaceuticals

Problems you'll solve

Root-cause analysis; Implementing long-term, automated architectural fixes; Identifying gaps in the current security posture

What They're Looking For.

Must Have

  • Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field
  • 3+ years of hands-on experience in designing, implementing, and managing enterprise-grade NAC solutions, specifically Cisco ISE
  • Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including SSL decryption and threat prevention
  • Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale
  • Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate)

Nice to Have

  • Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus
  • Proficiency in Terraform and GitHub to design and manage reproducible, version-controlled network security configurations
  • Proven ability to build CI/CD pipelines and automated workflows that streamline cross-platform security operations and eliminate manual friction
  • Solid foundation in enterprise networking (L2/L3), including advanced knowledge of routing protocols (BGP, OSPF) and switching (VLANs, VXLAN) to ensure seamless security policy integration
  • Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
  • Facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
  • Demonstrated interpersonal and collaborative skills and a commitment to operational excellence

What You'll Do.

Lead high-level and low-level design for Cisco ISE deployments

Lead high-level and low-level design for Wired Access Control strategies

Serve as primary engineer for Palo Alto NGFW architectures

Implement technical enhancements to NAC policies

Implement technical enhancements to SGT propagation

Implement technical enhancements to firewall rule-sets

Act as lead implementer for global migrations

Act as lead implementer for new feature rollouts

Architect and develop custom observability framework

Build automated integrations with external data sources

Design custom logic to ingest and visualize telemetry

Serve as lead engineer for network security escalations

Provide root-cause analysis

Implement automated architectural fixes

Develop dashboards and reporting for security observability

Manage security policies as code

Improve automation workflows

Improve cross-platform orchestration

Design and build self-service capabilities

How You'll Work.

Team & Collaboration

Work closely with Cloud, Infrastructure, and Incident Response teams; Build trust with network and infrastructure experts; Explain complex security policy concepts to non-technical stakeholders; Ensure alignment across multiple product squads and complex stakeholder networks

Communication Scope

Ability to build trust with network and infrastructure experts; Explain complex security policy concepts to non-technical stakeholders; Facilitation skills; Conflict resolution skills

Process & Methodology

Manage technical workstreams from concept to production with minimal supervision; Take full ownership of the NAC product lifecycle

Full Job Description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.

You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.

As the Subject Matter Expert (SME) for Network Security, you will lead the Design, Build, and Improvement of critical security infrastructures, specifically focusing on Cisco ISE, Wired Access Control (WAC), and Palo Alto Networks. This is a dual-impact role: you are the technical authority for the secure access layer, while simultaneously leading the engineering of a custom observability framework. You will develop the front-end, back-end, and integration logic

How to Apply on Workday

  • Workday has a multi-step form — save your progress after every section.
  • "Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
  • Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
  • Job requisition numbers are useful when following up with HR by email.
