At Roche, you can be fully yourself and are valued for your unique qualities. Our culture fosters personal expression, open dialogue and genuine connections. Here you are valued, accepted and respected for who you are. This creates an environment in which you can grow both personally and professionally. Together we want to prevent, stop and cure diseases and ensure that everyone has access to healthcare, today and in the future. Become part of Roche, where every voice counts.
The Position
The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions: designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like the Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
As the Subject Matter Expert (SME) for Network Security, you will lead the Design, Build, and Improvement of critical security infrastructures, specifically focusing on Cisco ISE, Wired Access Control (WAC), and Palo Alto Networks. This is a dual-impact role: you are the technical authority for the secure access layer, while simultaneously leading the engineering of a custom observability framework. You will develop the front-end, back-end, and integration logic required to provide deep visibility into the security product health and asset inventory.
Job Responsibilities
1. SME: Secure Access (ISE, WAC, Palo Alto)
- Design & Architecture: Lead the high-level and low-level design (HLD/LLD) for global Cisco ISE deployments and Wired Access Control (WAC) strategies to ensure seamless, identity-based security.
- Palo Alto SME: Serve as the primary engineer for Palo Alto NGFW architectures, including advanced threat prevention, decryption, and secure egress/ingress traffic management.
- Continuous Improvement: Proactively identify gaps in the current security posture and implement technical enhancements to NAC policies, SGT (TrustSec) propagation, and firewall rule-sets.
- Build & Implementation: Act as the lead "implementer" for complex global migrations and new feature rollouts across the network security stack.
2. Observability Framework Engineering
- Full-Stack Development: Architect and develop a custom framework (front-end and back-end) to provide a "single pane of glass" for infrastructure health.
- Inventory & Integration: Build automated integrations with external data sources (CMDB, IPAM, etc.) to maintain a real-time, dynamic inventory of all network assets and security nodes.
- Telemetry Logic: Design custom logic to ingest and visualize telemetry from ISE, WAC, and Palo Alto using APIs, SNMP, and Syslog.
3. Operational Excellence & Visibility
- Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, providing root-cause analysis and implementing long-term, automated architectural fixes.
- Security Observability: Develop dashboards and reporting to provide real-time visibility into the "connected landscape," identifying insecure nodes or unauthorized devices before they can affect the network.
- Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.
- Self-Service & Enablement: Design and build self-service capabilities that empower internal teams to consume network security controls autonomously and securely.
Qualifications
Education / Experience
- Educational Background: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.
- Network Access Control Mastery: 3+ years of hands-on experience in designing, implementing, and managing enterprise-grade NAC solutions, specifically Cisco ISE.
- Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including SSL decryption and threat prevention.
- Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.
- Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
- Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.
Technical Skills
- Cisco ISE Specialist: Expert-level knowledge of Cisco ISE, including hands-on experience with TrustSec, Dot1x, MAB, and Profiling.
- Coding & Integration: Strong scripting skills in Python, PowerShell, or Bash to develop self-service tools and custom API integrations between security platforms.
- API & Integration: Deep experience with REST APIs for integrating security platforms with external information sources.
- Segmentation Technologies: Proficiency in network virtualization and segmentation techniques (such as TrustSec, SGTs, or VRFs) applied to security use cases.
- Palo Alto Mastery: Proven track record in deploying and troubleshooting Palo Alto Firewalls in complex HA environments (Active/Active and Active/Passive).
- Network Foundations: Deep understanding of RADIUS, TACACS+, and core routing/switching as they relate to security enforcement.
- Monitoring Stack: Advanced knowledge of LogicMonitor, Splunk, or similar tools, specifically for creating custom DataSources and Dashboards.
- Architectural Mindset: Ability to design "Defense in Depth" flows that connect device identity to granular network permissions.
- The following skills will be considered a plus:
- Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to design and manage reproducible, version-controlled network security configurations.
- Engineering & Orchestration: Proven ability to build CI/CD pipelines and automated workflows that streamline cross-platform security operations and eliminate manual friction.
- Enterprise Networking: Solid foundation in enterprise networking (L2/L3), including advanced knowledge of routing protocols (BGP, OSPF) and switching (VLANs, VXLAN) to ensure seamless security policy integration.
Leadership Skills
- Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
- Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
- Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
- Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the NAC product lifecycle.
Additional Qualifications
- Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques.
- Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks.
- Demonstrated interpersonal and collaborative skills and a commitment to operational excellence.
Who we are
A healthier future drives us to innovate. More than 100,000 employees worldwide work together to achieve scientific progress and ensure that everyone has access to healthcare, today and for future generations. Through our commitment, over 26 million people are treated with our medicines and more than 30 billion tests are carried out with our diagnostic products. We encourage one another to explore new possibilities, foster creativity and set high goals in order to deliver life-changing healthcare solutions.
Together we can shape a healthier future.
Roche is an equal opportunity employer.