At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
Description of the area
The Network & Perimeter Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
Job description
As a Senior Cybersecurity Engineer (Edge Defense), you will play a pivotal role in the end-to-end lifecycle of our perimeter and cloud security products. Your primary focus will be the global engineering, adoption, and optimization of our Edge security stack, including Next-Generation Firewalls (NGFW), DDoS mitigation, and Zero Trust Network Access (ZTNA). You are a technical "implementer" responsible for designing robust, high-availability architectures that protect our global network from external threats while enabling secure, seamless access to multi-cloud environments. By leveraging an "Automation-First" mindset, you will transform traditional perimeter controls into scalable, code-driven security services, ensuring Roche’s digital boundaries remain resilient in an evolving threat landscape.
Job responsibilities
1. Edge Architecture & Engineering
Perimeter Defense Mastery: Lead the end-to-end deployment, configuration, and maintenance of Next-Generation Firewalls (Palo Alto, Fortinet), ensuring high availability (Active/Active & Active/Passive) and optimal inspection performance across global entry points.
Zero Trust Transition: Architect and implement ZTNA solutions to move beyond legacy VPNs, focusing on granular, application-level access and identity-aware security policies.
Multi-Cloud Network Security: Engineer and manage cloud-native security controls within AWS, Azure, and GCP, ensuring consistent security posture across hybrid and multi-cloud environments.
DDoS & Threat Mitigation: Design and refine DDoS protection strategies and automated threat prevention policies (SSL decryption, IPS/IDS) to shield critical infrastructure from sophisticated external attacks.
2. Product Lifecycle & Evolution
Lifecycle Governance: Oversee the delivery of Edge solutions from initial design through build, global rollout, and continuous optimization, ensuring that all security controls are reliable, scalable, and documented.
Edge Innovation: Proactively identify emerging trends in Edge computing and SASE (Secure Access Service Edge) to inform the product roadmap and maintain a competitive advantage in network defense.
3. Operational Excellence & Visibility
Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, performing deep-packet analysis and root-cause investigations to implement long-term architectural fixes.
Security Observability: Develop advanced monitoring dashboards and telemetry to provide real-time visibility into edge traffic patterns, attack surfaces, and the health of the security stack.
Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.
Self-Service & Enablement: Build and maintain automated workflows and APIs that allow internal dev teams to consume edge security services (e.g., automated firewall rule requests) autonomously and securely.
On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.
Qualifications
Educational Background: Bachelor’s degree in Computer Science, Software Engineering, Information Security, or a related technical field.
Perimeter Security Mastery: 5+ years of hands-on experience in designing and managing enterprise-grade Firewall environments (specifically Palo Alto and/or Fortinet).
Cloud Security Expertise: Proven track record of implementing network security controls in at least two major cloud providers (AWS, Azure, or GCP).
Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW), including TLS inspection, User identification, WildFire, Threat Prevention, URL Filtering and GlobalProtect.
Automation Engineering: Proven experience using Ansible, Terraform, or Python to manage network security infrastructure at scale.
Large-Scale Infrastructure: Experience managing security controls in complex, global environments involving thousands of diverse device profiles (IoT, Medical, Corporate).
Regulated Industry: Experience working in highly regulated environments (e.g., Pharmaceuticals, Healthcare, or Finance) is a significant plus.
NGFW Expert: Expert-level knowledge of Palo Alto and/or Fortinet platforms, including advanced threat prevention, SSL decryption, and high-availability design.
DDoS Mitigation: Experience managing specialized DDoS protection services (e.g., Akamai, Cloudflare, or F5).
ZTNA & Remote Access: Proficiency in modern Zero Trust architectures and SASE frameworks (e.g., Zscaler, Prisma Access).
Multi-Cloud Networking: Strong understanding of cloud networking components (VPCs, VNETs, Transit Gateways, Cloud Firewalls).
Network Foundations: Deep understanding of core protocols (BGP, OSPF, DNS, TLS/SSL) and how they intersect with security enforcement.
Skills below will be considered a plus:
Vendor certifications: Fortinet NSE or Palo Alto Networks PCNSA
PCNSE or Cisco CCNP Security
Cybersecurity certification: CISSP
Infrastructure as Code (IaC): Proficiency in Terraform and GitHub to maintain version-controlled, reproducible security configurations.
Scripting & Integration: Strong skills in Python or Go to build custom API integrations between security platforms and internal orchestration tools.
DDoS Mitigation: Experience managing specialized DDoS protection services (e.g., Akamai, Cloudflare, or F5).
Governance Frameworks: Familiarity with NIST, ISO 27001, and FAIR data principles.
Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle.
Additional Qualifications
Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
Demonstrated interpersonal, collaborative and commitment to operational excellence skills
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.
Let’s build a healthier future, together.
Roche is an Equal Opportunity Employer.