At Roche you can be entirely yourself and are valued for your unique qualities. Our culture fosters personal expression, open dialogue and genuine connections. Here you are valued, accepted and respected for who you are. This creates an environment in which you can grow both personally and professionally. Together we want to prevent, stop and cure diseases and ensure that everyone has access to healthcare, today and in the future. Become part of Roche, where every voice counts.
The Position
The Network & Perimeter Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
Job description
As a Senior Cybersecurity Engineer for Internal Network Defense, you will be the primary guardian of our internal environment, protecting our most sensitive segments—from manufacturing plants and research labs to warehouses and corporate offices. Your mission is to architect and enforce robust "East-West" segmentation, preventing lateral movement and securing the diverse environments that drive our core business. This is a technical "implementer" role where you will architect, design, build, and operate high-performance security boundaries using a dual-vendor strategy (Palo Alto and Fortinet). Beyond traditional enforcement, you will champion the adoption of AI-driven insights to identify latent risks and define the safe boundaries for automated security workflows, ensuring our internal network is resilient, compliant, and prepared for machine-speed threats.
Job responsibilities
Architecture, Design & AI Ambition
- Segmentation Strategy: Design, develop and document robust network segmentation architectures leveraging Fortinet and Palo Alto firewalls to meet complex business and security requirements.
- AI-Driven Risk Discovery: Actively explore and integrate AI opportunities to analyze internal traffic patterns and identify emerging security risks within complex Manufacturing and Lab environments.
- Automated Guardrails: Define and establish clear boundaries and governance for automated workflows, ensuring that machine-driven policy changes remain within safe, predictable parameters.
- Solution Blueprints: Create detailed network diagrams, technical design documents, and implementation plans for new segmentation environments (Labs, Manufacturing, Research).
Implementation & Deployment
- Firewall Engineering: Configure, deploy, and manage Palo Alto Networks (PA-Series, VM-Series) and Fortinet FortiGate firewalls at scale.
- Centralized Management: Utilize Panorama and FortiManager to enforce consistent security policies, NAT rules, VPNs (IPSec/SSL), and advanced routing features.
- Infrastructure Evolution: Lead the migration and upgrade of existing internal firewall infrastructure, ensuring zero-downtime transitions in critical environments.
3. Operational Excellence & Visibility
- Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, performing deep-packet analysis and root-cause investigations to implement long-term architectural fixes.
- Validated Environments: Apply security best practices within validated (GxP) environments, ensuring compliance with manufacturing and healthcare regulations.
- Continuous Improvement: Stay current with emerging threats, vulnerabilities, and security technologies to proactively refine internal defenses.
- Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.
- On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.
Qualifications
Education / Experience
- Educational Background: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.
- Professional Experience: 3+ years of experience in designing, deploying, and supporting Next-Generation Firewalls (NGFW) in large enterprise environments.
- Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.
- Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
- Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is highly preferred.
Technical Skills
- Palo Alto Mastery: Deep knowledge of PA-Series, Panorama, App-ID, User-ID, WildFire, and Threat Prevention.
- Fortinet Expertise: Extensive hands-on experience with FortiGate, FortiManager, FortiAnalyzer, and the Fortinet Security Fabric.
- Security Foundations: Solid understanding of security concepts, trends, and best practices, specifically for "Defense in Depth" within internal networks.
- Networking Depth: Strong foundation in core routing/switching, VPN architectures, and network protocols.
Skills below will be considered a plus:
- Vendor certifications: Fortinet NSE 4-8 or Palo Alto Networks PCNSA, PCNSE, Cisco CCNP
- Cybersecurity certification: CISSP
- Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations.
- Scripting & Integration: Strong skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools.
- Governance Frameworks: Familiarity with NIST, IEC 62443, ISO 27001, and FAIR data principles.
Leadership Skills
- Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
- Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
- Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
- Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle.
Additional Qualifications
- Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
- Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
- Demonstrated interpersonal and collaborative skills and a commitment to operational excellence.
Who we are
A healthier future drives us to innovate. More than 100,000 employees worldwide work together to advance science and ensure that everyone has access to healthcare, today and for future generations. Through our commitment, more than 26 million people are treated with our medicines and more than 30 billion tests are conducted with our diagnostics products. We encourage each other to explore new possibilities, foster creativity and set high goals in order to deliver life-changing healthcare solutions.
Together, we can build a healthier future.
Roche is an employer that promotes equal opportunity.