Cybersecurity Engineer for Network Security
Roche
This listing was originally posted on Roche's careers page. Formulate is an equal opportunity job aggregator and is not involved in the hiring process. Where salary information is estimated, it is derived from BLS industry benchmarks and may differ from actual compensation.
Upgrade to Pro to access the AI-generated 'Read before applying' briefing and other premium pharma intelligence.
Upgrade to Pro — $25/moAt Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
As the Subject Matter Expert (SME) for Network Security, you will lead the Design, Build, and Improvement of critical security infrastructures, specifically focusing on Cisco ISE, Wired Access Control (WAC), and Palo Alto Networks. This is a dual-impact role: you are the technical authority for the secure access layer, while simultaneously leading the engineering of a custom observability framework. You will develop the front-end, back-end, and integration logic required to provide deep visibility into the security product health and asset inventory.
Job Responsibilities
1. SME:
Design & Architecture: Lead the high-level and low-level design (HLD/LLD) for global Cisco ISE deployments and Wired Access Control (WAC) strategies to ensure seamless, identity-based security.
Palo Alto SME: Serve as the primary engineer for Palo Alto NGFW architectures, including advanced threat prevention, decryption, and secure egress/ingress traffic management.
Continuous Improvement: Proactively identify gaps in the current security posture and implement technical enhancements to NAC policies, SGT (TrustSec) propagation, and firewall rule-sets.
Build & Implementation: Act as the lead "implementer" for complex global migrations and new feature rollouts across the network security stack.
2. Observability Framework Engineering
Full-Stack Development: Architect and develop a custom framework (front-end and back-end) to provide a "single pane of glass" for infrastructure health.
Inventory & Integration: Build automated integrations with external data sources (CMDB, IPAM, etc.) to maintain a real-time, dynamic inventory of all network assets and security nodes.
Telemetry Logic: Design custom logic to ingest and visualize telemetry from ISE, WAC, and Palo Alto using APIs, SNMP, and Syslog.
3. Operational Excellence & Visibility
Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, providing root-cause analysis and implementing long-term, automated architectural fixes.
Security Observability: Develop dashboards and reporting to provide real-time visibility into the "connected landscape," identifying insecure nodes or unauthorized devices before they can affect the network.
Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.
Self-Service & Enablement: Design and build self-service capabilities that empower internal teams to consume network security controls autonomously and securely.
Qualifications
Educational Background: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.
Network Access Control Mastery: 3+ years of hands-on experience in designing, implementing, and managing enterprise-grade NAC solutions, specifically Cisco ISE.
Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including SSL decryption and threat prevention.
Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.
Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.
Cisco ISE Specialist: Expert-level knowledge of Cisco ISE, including hands-on experience with TrustSec, Dot1x, MAB, and Profiling.
Coding & Integration: Strong scripting skills in Python, PowerShell, or Bash to develop self-service tools and custom API integrations between security platforms. API integrations between security platforms.
API & Integration: Deep experience with REST APIs for integrating security platforms with external information sources.
Segmentation Technologies: Proficiency in network virtualization and segmentation techniques (such as TrustSec, SGTs, or VRFs) applied to security use cases.
Palo Alto Mastery: Proven track record in deploying and troubleshooting Palo Alto Firewalls in complex HA environments (Active/Active and Active/Passive).
Network Foundations: Deep understanding of RADIUS, TACACS+, and core routing/switching as they relate to security enforcement.
Monitoring Stack: Advanced knowledge of LogicMonitor, Splunk, or similar tools, specifically for creating custom DataSources and Dashboards.
Architectural Mindset: Ability to design "Defense in Depth" flows that connect device identity to granular network permissions.
Skills below will be considered a plus:
Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to design and manage reproducible, version-controlled network security configurations.
Engineering & Orchestration: Proven ability to build CI/CD pipelines and automated workflows that streamline cross-platform security operations and eliminate manual friction.
Enterprise Networking: Solid foundation in enterprise networking (L2/L3), including advanced knowledge of routing protocols (BGP, OSPF) and switching (VLANs, VXLAN) to ensure seamless security policy integration.
Leadership Skills
Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the NAC product lifecycle.
Additional Qualifications
Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
Demonstrated interpersonal, collaborative and commitment to operational excellence skills.
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.
Explore related positions you might be interested in
We'll notify you when matching roles are posted.
Interviewed at Roche?
Help others prepare — share your experience anonymously.
PHARMACEUTICAL
Small Molecules & Diagnostics
Upgrade to Pro to access AI interview prep brief and other premium pharma intelligence.
Upgrade to Pro — $25/mo