Roche

Senior Security Engineer (Seamless Access) - RDT Security Platforms

Madrid Full time

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.

The Position

Senior Security Engineer

Impact

Our Secure Access team protects the organization’s global workforce by delivering and operating the technologies that enable secure, reliable, and compliant access to corporate resources. We work at the intersection of network security, identity, and cloud — supporting users and business-critical systems in a regulated industry environment.

Do you want to make a meaningful impact as a Security Engineer focused on secure access and network security? Do you thrive in a fast-paced, self-directed environment? If so, we’d love to hear from you!

What You Will Do

As a Security Engineer on the Secure Access team, you will design, implement, and operate the technologies that underpin our organization’s remote access, web security, and network protection capabilities. You will be a hands-on contributor who brings both deep technical expertise and the energy to drive improvements independently.

Purpose

The Secure Access team engineers, delivers, and supports the solutions used to provide secure network access across the corporate environment — spanning on-premises, cloud, and hybrid infrastructure. The team provides hands-on engineering, configuration management, and automation support to keep access controls robust, auditable, and scalable in a regulated industry context.

Key Activities and Deliverables

  • Design, implement, and operate Cloudflare-based web security and Zero Trust access solutions.

  • Administer and support GlobalProtect VPN infrastructure, including policy management, troubleshooting, and lifecycle operations.

  • Build and maintain automation pipelines to reduce manual toil and improve consistency across security configurations.

  • Manage infrastructure-as-code using Terraform and maintain version-controlled configurations in GitHub.

  • Own configuration management processes in ServiceNow, ensuring accurate CMDB records and change management compliance.

  • Ensure security solutions meet regulatory requirements and support audit and compliance activities.

  • Proactively identify gaps in access controls and propose improvements with a self-driven, solution-oriented mindset.

  • Collaborate with cross-functional partners including network, identity, and cloud teams to deliver integrated secure access capabilities.

  • Mentor more junior team members and contribute to the development of security best practices.

Job Skills Required

  • High energy, self-motivated, and capable of owning work end-to-end with minimal direction.

  • Accountability/Problem Solving: Independently leads the analysis of moderately complex cybersecurity incidents and technical problems, clearly defining the security problem scope and driving root cause analysis for security breaches or vulnerabilities.

  • Identifies a diverse range of security stakeholders across functional areas and effectively manages relationships to build reliance through deep business and technical understanding, acting as a trusted advisor.

  • Strong customer focus with a highly responsive service delivery and support ethic.

  • Collaborative and communicative — comfortable working across distributed, cross-functional teams.

  • Detail-oriented with a commitment to quality, documentation, and operational excellence.

  • Strong written and verbal English communication skills.

Qualifications and Experience Required

  • 5-7 years of hands-on technical experience in security engineering, with a focus on network security and secure access technologies.

  • Demonstrated hands-on experience with Cloudflare (e.g., Cloudflare Access, Gateway, WAF, or CDN security features).

  • Hands-on experience with Palo Alto GlobalProtect VPN, including deployment, policy management, and troubleshooting.

  • Proficiency with Terraform for infrastructure-as-code and GitHub for version control and collaboration.

  • Experience using ServiceNow for configuration management (CMDB), change management, and/or incident management.

  • Proven experience building automation to support security operations (scripts, workflows, or CI/CD pipelines).

  • Prior experience working in a regulated industry (e.g., healthcare, finance, pharma, or government) with an understanding of compliance and audit requirements.

  • Strong understanding of network security concepts including Zero Trust, VPN, DNS, firewalls, and web proxies.

Nice to Have

  • Scripting or programming skills: Python, PowerShell, Bash, or similar.

  • Familiarity with Agile and DevOps practices; experience with CI/CD tooling (e.g., GitHub Actions, Jenkins, Ansible).

  • Experience with AWS, Azure, or GCP cloud security services.

  • Exposure to SIEM, EDR, or broader security operations tooling.

  • Relevant certifications such as PCNSE, Cloudflare Certified, CCNP Security, or equivalent.

 

 

Who we are

A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact.


Let’s build a healthier future, together.

Roche is an Equal Opportunity Employer.