Roche

Healthcare

CybersecurityEngineerforSecureAccessNetwork(Temporary,FixedTerm)

$27500–37500k ~AI est. San Jose, Costa Rica FULL TIME

Market Sentiment

HIGH DEMAND

Neural analysis suggests this role is
optimal for Mid candidates.

The Brief

“Cybersecurity Engineer for Secure Access Network (Temporary, Fixed Term) at Roche. Skills: Network Access Control, Network segmentation, Cisco ISE, Palo Alto NGFW. Deploy Cisco ISE globally. Maintain Cisco ISE globally”

Industry & Context.

Healthcare

Problems you'll solve

Root cause analysis; Troubleshooting

What They're Looking For.

Must Have

3+ years Cisco ISE, 3+ years enterprise NAC, 3+ years network segmentation, 3+ years endpoint profiling, 3+ years Dot1x/MAB workflows, 3+ years Cisco TrustSec, 3+ years Palo Alto NGFWs, 3+ years SSL decryption, 3+ years threat prevention, Deep understanding RADIUS, Deep understanding TACACS+, Deep understanding core routing/switching, Deep understanding Defense in Depth

Nice to Have

Ansible proficiency, Terraform proficiency, GitHub proficiency, IaC proficiency, CI/CD pipelines proficiency, Python scripting, PowerShell scripting, Bash scripting, API integrations proficiency, L2/L3 enterprise networking, BGP routing, OSPF routing, VLAN switching, VXLAN switching, Pharmaceutical industry experience, Healthcare industry experience, Finance industry experience

What You'll Do.

Deploy Cisco ISE globally

Maintain Cisco ISE globally

Design endpoint profiling logic

Design Dot1x/MAB workflows

Design Cisco TrustSec

Deploy Palo Alto NGFWs

Support Palo Alto NGFWs

Manage security policies as code

Eliminate manual friction

Implement automated network access policies

Serve as escalation lead

Provide root-cause analysis

Provide long-term architectural fixes

Build dashboards for visibility

Design self-service tools

How You'll Work.

Team & Collaboration

Cross-functional stakeholders; Internal teams

Process & Methodology

IaC, CI/CD pipelines

Full Job Description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. ## ### The Position The Network Security team secures Roche’s global connectivity through policy-driven, automated infrastructure. We design, build, and maintain enterprise solutions—including Internet Security, DDoS protection, VPNs, NAC, and Deep Packet Inspection—to mitigate risks across cloud and on-prem environments. ### _**This is a temporary, fixed-term position**_ **The Opportunity:** As a **Cybersecurity Engineer for Secure Access Network,** you will play a pivotal role in the end-to-end lifecycle, global adoption, and engineering of our Network Access Control (NAC) and network segmentation systems. You will bridge the gap between high-level security policy and technical execution, leveraging automation to scale controls and advance our Zero Trust roadmap. **Key Responsibilities:** * **NAC & Segmentation Engineering:** Deploy and maintain Cisco ISE globally. Design endpoint profiling logic (IoT, Medical, Corporate), Dot1x/MAB workflows, and Cisco TrustSec (SGTs) for software-defined segmentation. * **Perimeter Security:** Deploy and support Palo Alto Next-Generation Firewalls (NGFW) in high-availability (Active/Active and Active/Passive) configurations. * **Automation & Compliance:** Manage security policies as code using automation workflows to eliminate manual friction. Implement automated network access policies based on device compliance. * **Operations & Visibility:** Serve as the escalation lead for complex network security incidents, providing root-cause analysis and long-term architectural fixes.

Free ATS check

Applying for this Cybersecurity Engineer for Secure Access Network (Temporary, Fixed Term) role?

Most applicants get filtered before a human reads their resume. See if yours makes the cut.

Should you apply? AI reads your resume vs this job — match score, gaps to address, ATS keywords.

SKILL SIGNAL 36 detected · ranked by frequency

Cisco ISE ×4

Palo Alto NGFW ×4

API integrations ×4

Network Access Control ×3

Network segmentation ×3

Endpoint profiling ×3

Dot1x workflows ×3

MAB workflows ×3

SGTs ×3

SSL decryption ×3

Threat prevention ×3

Routing protocols ×3

Switching protocols ×3

Scripting ×3

Ansible ×2

Terraform ×2

GitHub ×2

Cisco TrustSec

RADIUS

TACACS+

BGP

OSPF

VLAN

VXLAN

Python

PowerShell

Bash

Zero Trust

Security policy

Technical execution

DevOps

IaC

BEHAVIOURAL

LeadershipMentoring

Role Details

Seniority mid

Experience 3–5 yrs

Level Mid

Work Mode Onsite

Type FULL TIME

Education Bachelor's

Salary Band 200k+

AI-Extracted Insights

Domain Areas

network-access-controlnetwork-segmentationzero-trustiot-devicesmedical-devicescorporate-devicessoftware-defined-segmentationhigh-availability-configurations

How to Apply on Workday

Workday has a multi-step form — save your progress after every section.
"Apply With LinkedIn" can fail or lose data; manual entry is more reliable.
Watch for the "Submit for Review" final step — hitting "Save" alone does not submit.
Job requisition numbers are useful when following up with HR by email.

ANONYMOUS · UNFILTERED

What do employees actually say about Roche?

Real rants from real employees. Read before you apply.

Read Company Rants →