Job Description

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.

You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection , Site-to-Site Connectivity (VPN) , Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.

As a Cybersecurity Engineer for Cloud & Edge Defense, you will be the primary architect and engineer responsible for the security of our global digital boundaries and multi-cloud ecosystems. Your mission is to secure our "front door" by designing and implementing high-performance traffic inspection solutions across AWS, GCP, and Azure using Palo Alto VM-Series as the central pillar. This is a technical "implementer" role where you will architect, design, build, and operate cloud network security infrastructure You will bridge the gap between traditional network security and cloud-native architectures, leveraging Terraform and Python to deploy security as code. Your goal is to ensure that our global cloud expansion remains resilient, compliant, and protected against machine-speed threats.

Responsibilities

1. Architecture & Design

• Multi-Cloud Infrastructure Design: Design and develop robust cloud network infrastructure across AWS, GCP, and Azure, leveraging Palo Alto instances as the central solution for deep traffic inspection.

• Solution Blueprints: Create detailed cloud network diagrams, design documents, and implementation plans for new cloud-native and hybrid security architectures.

• Architectural Collaboration: Partner closely with network and cloud architects to integrate firewall solutions seamlessly into the existing global network fabric.

​

2. Product Lifecycle & Evolution

• Advanced Palo Alto Engineering: Execute advanced configuration and management of Palo Alto solutions (VM-Series, Panorama), including complex upgrades and migrations in production environments.

• Cloud Programming: Leverage a deep understanding of cloud vendor network infrastructures to configure, program, and deploy security solutions via automated pipelines.

• Feature Enforcement: Implement and manage App-ID, User-ID, WildFire, Threat Prevention, SSL Decryption, and GlobalProtect to enforce a Zero Trust posture.

​

3. Operational Excellence & Visibility

• Technical Subject Matter Expertise: Troubleshoot complex network and security issues related to cloud-native routing, load balancing, and firewall inspection within multi-cloud environments.

• Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.

• Continuous Evolution: Stay current with emerging threats, cloud-specific vulnerabilities, and evolving security technologies to proactively refine our defense-in-depth strategy.

• On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.

Qualifications

Education / Experience

• Educational Background: Bachelor’s degree in Computer Science , Software Engineering , Information Security , or a related technical field.

• Cloud Security Expertise: Proven track record of implementing network security controls in at least two major cloud providers (AWS, Azure, or GCP).

• Security Foundation: 3+ years of experience in designing, deploying, and supporting Next-Generation Firewalls (NGFW) with a strong networking background.

• Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW) , including TLS inspection, User identification, WildFire, Threat Prevention, URL Filtering and GlobalProtect.

• Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.

• Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).

• Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.

​

Technical Skills

• NGFW Expert: Expert-level knowledge of Palo Alto and/or Fortinet platforms, including advanced threat prevention, TLS inspection, and high-availability design.

• Multi-Cloud native skills: Proficient in configuring cloud-specific network components (VPCs, VNETs, Transit Gateways, Load Balancers) across AWS, Azure, and GCP.

• Network Foundations: Deep understanding of core protocols (BGP, OSPF, DNS, TLS/SSL) and how they intersect with security enforcement.

• Foundational Security: Solid understanding of security concepts, trends, and best practices with experience operating in validated (GxP) environments.

Skills below will be considered a plus:

• Vendor certifications: Palo Alto Networks PCNSE, AWS Certified Security, Azure Security Engineer Associate.

• Cybersecurity certification: CISSP

• Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations.

• Scripting & Integration: Strong skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools.

Leadership Skills

• Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.

• Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.

• Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.

• Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle.

Additional Qualifications

• Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques

• Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks

• Demonstrated interpersonal, collaborative and commitment to operational excellence skills.

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.

Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.