At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
The Network Security team secures Roche’s global connectivity through policy-driven, automated infrastructure. We design, build, and maintain enterprise solutions—including Internet Security, DDoS protection, VPNs, NAC, and Deep Packet Inspection—to mitigate risks across cloud and on-prem environments.
This is a temporary, fixed-term position.
The Opportunity:
As a Cybersecurity Engineer for Secure Access Network, you will play a pivotal role in the end-to-end lifecycle, global adoption, and engineering of our Network Access Control (NAC) and network segmentation systems. You will bridge the gap between high-level security policy and technical execution, leveraging automation to scale controls and advance our Zero Trust roadmap.
Key Responsibilities:
NAC & Segmentation Engineering: Deploy and maintain Cisco ISE globally. Design endpoint profiling logic (IoT, Medical, Corporate), Dot1x/MAB workflows, and Cisco TrustSec (SGTs) for software-defined segmentation.
Perimeter Security: Deploy and support Palo Alto Next-Generation Firewalls (NGFW) in high-availability (Active/Active and Active/Passive) configurations.
Automation & Compliance: Manage security policies as code using automation workflows to eliminate manual friction. Implement automated network access policies based on device compliance.
Operations & Visibility: Serve as the escalation lead for complex network security incidents, providing root-cause analysis and long-term architectural fixes. Build dashboards for real-time visibility into the connected landscape.
Enablement: Design self-service tools that allow internal teams to autonomously consume network security controls.
Who You Are
Education: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or equivalent experience.
NAC Expertise: 3+ years of hands-on experience designing and managing enterprise Cisco ISE deployments (TrustSec, Dot1x, MAB, and Profiling).
Firewall Mastery: Proven experience configuring, troubleshooting, and maintaining Palo Alto NGFWs, including SSL decryption and threat prevention.
Network & Security Foundations: Deep understanding of RADIUS, TACACS+, core routing/switching, and "Defense in Depth" architectures.
Leadership & Collaboration: A self-starter capable of managing technical workstreams independently. Strong communication skills to mentor colleagues and build trust with cross-functional stakeholders.
Preferred Qualifications:
DevOps & Automation: Proficiency with Ansible, Terraform, GitHub (IaC), CI/CD pipelines, and scripting (Python, PowerShell, or Bash) for API integrations.
Advanced Networking: Solid foundation in L2/L3 enterprise networking, including routing protocols (BGP, OSPF) and switching (VLANs, VXLAN).
Regulated Industry: Experience in Pharmaceuticals, Healthcare, or Finance.
Relocation benefits are not available for this posting.
Compensation & Benefits
This position also offers an attractive benefits package.
Learn more about how we reward our employees at Roche.
Who we are
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.