Cybersecurity Engineer - Secure Access Network

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections,  where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Opportunity:

As a Cybersecurity Engineer - Secure Access Network, you will play a pivotal role in the end-to-end lifecycle of our security products within the Network Security Product area. You will act as a technical implementer, bridging the gap between high-level security policy and high-performance technical execution.

Your main responsibilities will include:

• NAC Strategy & Engineering: Lead the global adoption and engineering of Network Access Control (NAC) and Network Segmentation solutions. You will be responsible for the end-to-end deployment and maintenance of Cisco ISE, refining endpoint profiling logic (IoT, Medical, Corporate), and managing Dot1x, MAB, and Guest Portals.

• Segmentation & Zero Trust: Architect and maintain Cisco TrustSec (SGTs) for software-defined segmentation and align security policies with the organization’s Zero Trust roadmap.

• Perimeter Security: Lead the deployment and support of Palo Alto Next-Generation Firewalls (NGFW) in high-availability configurations, ensuring security controls remain reliable across all network layers.

• Automation & Policy as Code: Drive operational excellence by managing security policies as code using Ansible, Terraform, or Python. You will develop visibility dashboards and provide root-cause analysis for complex escalations.

• Product Lifecycle Management: Manage technical workstreams from concept to production with minimal supervision, taking full ownership of the NAC product lifecycle.

Who you are:

• You hold a Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.

• You have 3+ years of hands-on experience designing and managing enterprise-grade NAC solutions, specifically Cisco ISE (including TrustSec, Dot1x, MAB, and Profiling).

• You possess a proven track record in configuring and maintaining Palo Alto NGFW, including HA environments, SSL decryption, and threat prevention.

• You are experienced in Automation Engineering, using Ansible, Terraform, or Python to manage network security infrastructure at scale.

• You have a deep understanding of RADIUS, TACACS+, and core routing/switching (L2/L3) as they relate to security enforcement.

Preferred:

• Proficiency in Infrastructure as Code (IaC) using Terraform and GitHub for version-controlled configurations and building CI/CD pipelines.

• Strong scripting skills in Python, PowerShell, or Bash to develop self-service tools and custom API integrations.

• Experience in a regulated industry (e.g., Pharmaceuticals, Healthcare, or Finance).

Relocation benefits are not available for this posting

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.