At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee ingress and egress traffic across all layers. Our solutions are delivered through leading-edge security platforms, automation, and orchestration.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
As a Senior Cybersecurity Engineer (Network Security), you will act as the primary Subject Matter Expert (SME) for Secure Access Network Services, leading the evolution of Network Access Control, identity-driven security, segmentation and authentication services across Roche's global enterprise.
Your mission is to ensure that Roche’s network remains resilient and compliant through the continuous evolution of our "Defense in Depth" strategy.
Responsibilities
Product Ownership and Technical Leadership
Act as the primary Subject Matter Expert (SME) for Secure Access technologies, providing deep technical expertise in the evaluation and selection of emerging security tools.
Drive the long-term technical roadmap for network access, ensuring all initiatives are strictly aligned with Roche's Zero Trust security architecture and strategy.
Partner with business units to translate high-level security requirements into actionable, scalable technical initiatives and functional policies.
Provide mentorship and technical leadership to junior engineers, fostering a culture of continuous learning and operational excellence within the team.
Identity-Based Access and Authentication
Design, deploy, and maintain robust authentication solutions utilizing protocols such as 802.1X, EAP-TLS, EAP-TEAP, RADIUS, TACACS+, SAML, and MFA.
Integrate disparate security platforms with enterprise Identity Providers (IdPs) to ensure a seamless and secure authentication flow across the environment.
Architect and manage highly available authentication services to support Roche's global workforce and critical business operations.
Network Access Control (NAC) and Segmentation
Lead the end-to-end lifecycle management of Cisco ISE deployments, including software upgrades, capacity planning, and platform optimization.
Develop and refine endpoint profiling techniques to accurately identify and secure corporate, medical, and IoT devices.
Implement advanced access control mechanisms, including Dot1x, MAC Authentication Bypass (MAB), Guest Access, and posture-based authorization.
Design and oversee the implementation of Cisco TrustSec and Scalable Group Tag (SGT)-based micro-segmentation to reduce the network attack surface.
Operational Excellence and Automation
Serve as a senior point of escalation for complex technical incidents, performing deep root-cause analysis to prevent recurrence.
Develop and maintain comprehensive observability, monitoring, and reporting dashboards to track platform health and security compliance.
Advocate for and implement Infrastructure-as-Code (IaC) principles and security automation to improve deployment speed and consistency.
Build and optimize API-driven integrations and self-service capabilities to empower other IT teams while maintaining security standards.
Global Operations
Ensure secure and reliable connectivity for tens of thousands of endpoints across diverse global regions.
Collaborate effectively with globally distributed product squads and stakeholders to deliver integrated security solutions.
Qualifications
Education / Experience
Educational Background: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.
Network Access Control Mastery: 5+ years of hands-on experience in designing, implementing, and managing enterprise-grade NAC solutions, specifically Cisco ISE.
Perimeter & Inspection Expertise: Proven track record in deploying from scratch, configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including SSL decryption and threat prevention.
Automation Engineering: Proven experience using Ansible/Terraform and Python to manage network security infrastructure at scale.
Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.
Technical Skills
Cisco ISE Expert: Expert-level knowledge of Cisco ISE, including hands-on experience with TrustSec, Dot1x, MAB, Profiling, Guest Portals, REST APIs, complex enterprise policies, EAP-TLS, EAP-TEAP.
Strong understanding of RADIUS, TACACS+ and identity-based access control.
Enterprise PKI and certificate lifecycle management.
Segmentation Technologies: Proficiency in network virtualization and segmentation techniques (such as TrustSec, SGTs, and VRFs) applied to security use cases.
Palo Alto Mastery: Proven track record in deploying and troubleshooting Palo Alto Firewalls in complex HA environments (Active/Active and Active/Passive).
Architectural Mindset: Ability to design "Defense in Depth" flows that connect device identity to granular network permissions.
Skills below will be considered a plus:
Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to design and manage reproducible, version-controlled network security configurations.
Network Security Automation through APIs.
Engineering & Orchestration: Proven ability to build CI/CD pipelines with GitLab/GitHub and automated workflows that streamline cross-platform security operations and eliminate manual friction.
Coding & Integration: Strong scripting skills in Python, PowerShell, or Bash to develop self-service tools and custom API integrations between security platforms.
Enterprise Networking: Solid foundation in enterprise networking (L2/L3), including advanced knowledge of routing protocols (BGP, OSPF) and switching (VLANs, VXLAN) to ensure seamless security policy integration.
Leadership Skills
Communication: Excellent communication and stakeholder management skills to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the NAC product lifecycle.
Expertise in mentoring junior cybersecurity engineers to build their technical proficiency. This includes coaching on network security analysis and identity-driven security best practices to foster operational excellence within global squads.
Additional Qualifications
Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
Demonstrated interpersonal and collaborative skills and a commitment to operational excellence.
Who we are
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.
Skills Required
- Bachelor's degree in Computer Science, Software Engineering, Information Security, or related technical field
- 5+ years hands-on experience designing, implementing, and managing enterprise-grade NAC solutions, specifically Cisco ISE
- Proven experience deploying, configuring, and maintaining Palo Alto Next-Generation Firewalls including SSL decryption and threat prevention
- Experience with automation using Ansible, Terraform, and Python to manage network security infrastructure at scale
- Strong knowledge of authentication protocols and identity integration: 802.1X, EAP-TLS, EAP-TEAP, RADIUS, TACACS+, SAML, MFA and IdP integrations
- Expert-level knowledge of Cisco ISE features: TrustSec, Dot1x, MAB, profiling, guest portals, REST APIs, enterprise policies
- Enterprise PKI and certificate lifecycle management experience
- Experience managing security controls and large-scale infrastructure across global environments with diverse device profiles (IoT, medical, corporate)
- Solid enterprise networking foundation including L2/L3, routing (BGP, OSPF), switching (VLANs, VXLAN) and VRF knowledge
- Experience with Infrastructure-as-Code, GitHub/GitLab, CI/CD pipelines and API-driven network security automation
- Scripting skills in Python, PowerShell, or Bash for automation and API integrations
- Experience in regulated industries (pharmaceuticals, healthcare, finance)
- Proven ability to mentor junior engineers and provide technical leadership
Roche Compensation & Benefits Highlights
The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Roche and has not been reviewed or approved by Roche.
- Retirement Support — U.S. materials describe a 401(k) with both matching and an additional company contribution, supported by formal plan documents and true‑up features. This structure is positioned as a standout element of the total package, particularly at Genentech.
- Leave & Time Off Breadth — Time‑off provisions include substantial vacation, a year‑end shutdown, and a paid six‑week sabbatical after six years. These elements indicate a recharge‑oriented approach within the U.S. offering.
- Healthcare Strength — Company materials emphasize comprehensive medical, dental, vision, and mental‑health resources alongside well‑being programs. Benefits pages consistently highlight breadth across core health coverage elements.
Roche Insights
What We Do
Roche is a global pioneer in pharmaceuticals and diagnostics focused on advancing science to improve people’s lives. The combined strengths of pharmaceuticals and diagnostics under one roof have made Roche the leader in personalised healthcare – a strategy that aims to fit the right treatment to each patient in the best way possible. Roche is the world’s largest biotech company, with truly differentiated medicines in oncology, immunology, infectious diseases, ophthalmology and diseases of the central nervous system. Roche is also the world leader in in vitro diagnostics and tissue-based cancer diagnostics, and a frontrunner in diabetes management. Founded in 1896, Roche continues to search for better ways to prevent, diagnose and treat diseases and make a sustainable contribution to society. The company also aims to improve patient access to medical innovations by working with all relevant stakeholders. Thirty medicines developed by Roche are included in the World Health Organization Model Lists of Essential Medicines, among them life-saving antibiotics, antimalarials and cancer medicines. Roche has been recognised as the Group Leader in sustainability within the Pharmaceuticals, Biotechnology & Life Sciences Industry ten years in a row by the Dow Jones Sustainability Indices (DJSI).







