At Roche you can be completely yourself and are valued for your unique qualities. Our culture encourages personal expression, open dialogue and genuine connections. Here you are valued, accepted and respected for who you are. This creates an environment in which you can grow both personally and professionally. Together we want to prevent, stop and cure diseases and ensure that everyone has access to healthcare, today and in the future. Become part of Roche, where every voice counts.
The Position
The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee ingress and egress traffic across all layers. Our solutions are delivered through leading-edge security platforms, automation, and orchestration.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions: designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
As a Senior Cybersecurity Engineer (Network Security), you will act as the primary Subject Matter Expert (SME) for Secure Access Network Services, leading the evolution of Network Access Control, identity-driven security, segmentation and authentication services across Roche's global enterprise.
Your mission is to ensure that Roche’s network remains resilient and compliant through the continuous evolution of our "Defense in Depth" strategy.
Responsibilities
Product Ownership and Technical Leadership
- Act as the primary Subject Matter Expert (SME) for Secure Access technologies, providing deep technical expertise in the evaluation and selection of emerging security tools.
- Drive the long-term technical roadmap for network access, ensuring all initiatives are strictly aligned with Roche's Zero Trust security architecture and strategy.
- Partner with business units to translate high-level security requirements into actionable, scalable technical initiatives and functional policies.
- Provide mentorship and technical leadership to junior engineers, fostering a culture of continuous learning and operational excellence within the team.
Identity-Based Access and Authentication
- Design, deploy, and maintain robust authentication solutions utilizing protocols such as 802.1X, EAP-TLS, EAP-TEAP, RADIUS, TACACS+, SAML, and MFA.
- Integrate disparate security platforms with enterprise Identity Providers (IdPs) to ensure a seamless and secure authentication flow across the environment.
- Architect and manage highly available authentication services to support Roche's global workforce and critical business operations.
Network Access Control (NAC) and Segmentation
- Lead the end-to-end lifecycle management of Cisco ISE deployments, including software upgrades, capacity planning, and platform optimization.
- Develop and refine endpoint profiling techniques to accurately identify and secure corporate, medical, and IoT devices.
- Implement advanced access control mechanisms, including Dot1x, MAC Authentication Bypass (MAB), Guest Access, and posture-based authorization.
- Design and oversee the implementation of Cisco TrustSec and Scalable Group Tag (SGT)-based micro-segmentation to reduce the network attack surface.
Operational Excellence and Automation
- Serve as a senior point of escalation for complex technical incidents, performing deep root-cause analysis to prevent recurrence.
- Develop and maintain comprehensive observability, monitoring, and reporting dashboards to track platform health and security compliance.
- Advocate for and implement Infrastructure-as-Code (IaC) principles and security automation to improve deployment speed and consistency.
- Build and optimize API-driven integrations and self-service capabilities to empower other IT teams while maintaining security standards.
Global Operations
- Ensure secure and reliable connectivity for tens of thousands of endpoints across diverse global regions.
- Collaborate effectively with globally distributed product squads and stakeholders to deliver integrated security solutions.
Qualifications
Education / Experience
- Educational Background: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.
- Network Access Control Mastery: 5+ years of hands-on experience in designing, implementing, and managing enterprise-grade NAC solutions, specifically Cisco ISE.
- Perimeter & Inspection Expertise: Proven track record in deploying from scratch, configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including SSL decryption and threat prevention.
- Automation Engineering: Proven experience using Ansible/Terraform and Python to manage network security infrastructure at scale.
- Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
- Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.
Technical Skills
- Cisco ISE Expert: Expert-level knowledge of Cisco ISE, including hands-on experience with TrustSec, Dot1x, MAB, Profiling, Guest Portals, REST APIs, complex enterprise policies, EAP-TLS, and EAP-TEAP.
- Identity & PKI: Strong understanding of RADIUS, TACACS+ and identity-based access control, as well as enterprise PKI and certificate lifecycle management.
- Segmentation Technologies: Proficiency in network virtualization and segmentation techniques (such as TrustSec, SGTs, and VRFs) applied to security use cases.
- Palo Alto Mastery: Proven track record in deploying and troubleshooting Palo Alto Firewalls in complex HA environments (Active/Active and Active/Passive).
- Architectural Mindset: Ability to design "Defense in Depth" flows that connect device identity to granular network permissions.
- Skills below will be considered a plus:
- Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to design and manage reproducible, version-controlled network security configurations, and network security automation through APIs.
- Engineering & Orchestration: Proven ability to build CI/CD pipelines with GitLab/GitHub and automated workflows that streamline cross-platform security operations and eliminate manual friction.
- Coding & Integration: Strong scripting skills in Python, PowerShell, or Bash to develop self-service tools and custom API integrations between security platforms.
- Enterprise Networking: Solid foundation in enterprise networking (L2/L3), including advanced knowledge of routing protocols (BGP, OSPF) and switching (VLANs, VXLAN) to ensure seamless security policy integration.
Leadership Skills
- Communication: Excellent communication and stakeholder management skills to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
- Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
- Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
- Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the NAC product lifecycle.
- Expertise in mentoring junior cybersecurity engineers to build their technical proficiency. This includes coaching on network security analysis and identity-driven security best practices to foster operational excellence within global squads.
Additional Qualifications
- Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
- Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
- Demonstrated interpersonal and collaborative skills and a commitment to operational excellence.
Who we are
A healthier future drives us to innovate. More than 100,000 employees worldwide work together to achieve scientific breakthroughs and to ensure that everyone has access to healthcare, today and for future generations. Through our commitment, over 26 million people are treated with our medicines and more than 30 billion tests are performed with our diagnostic products. We encourage each other to explore new possibilities, foster creativity and set ambitious goals in order to deliver life-changing healthcare solutions.
Together we can shape a healthier future.
Roche is an employer that promotes equal opportunity.