Cybersecurity Engineer for Network Security observability

The Network & Perimeter Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche's network security posture., As the Lead for Network Security Infrastructure Observability, you will be the primary architect and engineer responsible for the health, availability, and performance of our global security infrastructure. This is a hands-on technical leadership role that requires a solid foundation in Network Security engineering. You will architect, design, build, and operate the monitoring frameworks that ensure our security platforms (Firewalls, NAC, ZTNA) are running at peak operational efficiency. While your focus is on Infrastructure Reliability, success in this role depends on your deep technical understanding of how security controls-such as packet inspection, encryption, and access policies-impact system performance. By bridging the gap between security hardware/software (Palo Alto, Fortinet, ISE) and modern observability toolchains (LogicMonitor, Python, IaC), you will ensure that the organization's security "engine" is always visible, resilient, and perfectly tuned., 1. Infrastructure Architecture, Design & Build

• Security-Aware Monitoring Architecture: Architect and design a global visibility framework for understanding the key performance, health, and throughput indicators of core security appliances across services such as Edge Firewalls, Network Access Control (NAC), DDoS Mitigation, Network Authentication, Internal Network Segmentation, and VPNs.
• Observability Engineering: Build and deploy the observability toolchain specifically optimized to monitor the hardware and virtualized instances of Palo Alto, Fortinet, and Cisco ISE.
• LogicMonitor Development: Hands-on creation and tuning of DataSources and ConfigSources to capture hardware-level security telemetry (CPU/Data Plane utilization, Session counts, Tunnel health, and HA synchronization).
• Service Health Dashboarding: Design and build real-time operational dashboards that provide a clear view of the health, performance, and compliance status of the global security infrastructure.

2. Infrastructure Operations & Evolution

• Global Service Operations: Operate the global monitoring environment, ensuring the continuous health of the observability stack across diverse network segments and security zones.
• Infrastructure-as-Code (IaC): Leverage APIs and automation (Python/GitLab) to automate the provisioning of monitoring for new security devices, ensuring a "security-first" approach to visibility.
• Capacity & Performance Management: Analyze long-term infrastructure trends to provide data-driven recommendations for capacity scaling, especially as it relates to resource-intensive security features like SSL Decryption and IPS.
• Reliability Alerting: Establish and tune proactive alert thresholds that identify hardware or software degradation within the security stack before it impacts service delivery.

3. Operational Excellence & System Visibility

• Infrastructure Diagnostics: Use tools like Wireshark and SNMP Walk to troubleshoot complex connectivity issues between the observability platform and security devices, resolving MIB/OID mismatches in secured management planes.
• Technical Reliability Documentation: Develop comprehensive runbooks and technical guides for the ongoing operation, maintenance, and troubleshooting of the monitoring ecosystem.
• Collaborative Engineering: Partner with Network and Security Engineering squads to align monitoring setups with the deployment of new architectural security standards.
• Proactive Maintenance: Proactively identify and resolve potential monitoring gaps by staying updated on hardware telemetry updates and the latest secure SNMP (v3) implementation standards .

• Solid Security Foundation: 3-4 years of experience in Network Security Engineering or Infrastructure Reliability, with a deep understanding of firewall architectures and network access control systems.
• Professional Experience: Proven track record of designing and operating monitoring solutions for large-scale enterprise security infrastructure.
• Scale & Scope: Proven experience in architecting and operating solutions at a global scale.
• Educational Background: Bachelor's degree in Computer Science, Cyber Security, Information Technology, or a related technical field., Technical Skills
• Security Infrastructure Mastery: Expert-level knowledge of the operational mechanics and hardware architectures of Palo Alto Firewalls, Fortinet Firewalls, and Cisco ISE .
• Networking & Security Foundations: Strong foundation in TCP/IP, UDP, and the OSI model, with a specific focus on how security protocols (SSL/TLS, IPsec, RADIUS/TACACS+) interact with management and data planes.
• Observability Stack: Mastery of LogicMonitor (Collectors, DataSources) and experience with broader toolchains like Splunk, ELK, or Grafana.
• Network Protocols: Expert knowledge of SNMP (v2c/v3), MIBs, OIDs, and the ability to interpret security-specific device telemetry.
• DevOps & Automation: Proven ability to automate infrastructure tasks using Python, Groovy, GitLab, and GitLab-CI.

Skills below will be considered a plus:

• Certification: Professional certifications in Network Security (e.g., PCNSE, CCNP Security) or Monitoring (LogicMonitor Certified Professional).
• Cloud Infrastructure Monitoring: Knowledge of monitoring virtualized security appliances in AWS, Azure, or GCP.
• Forensic Diagnostics: Proficiency in Wireshark for analyzing management-plane traffic and SNMP communication within secured networks.

Leadership Skills

• Communication: Strong ability to build trust with network and infrastructure experts and explain complex security policy concepts to non-technical stakeholders.
• Innovation & Curiosity: A relentless passion for staying ahead of threat actors by researching emerging network security trends and automated enforcement techniques.
• Thriving in Ambiguity: Ability to navigate global complexity and drive clarity when translating high-level security requirements into functional network policies.
• Self-Starter: Proven ability to manage technical workstreams from concept to production with minimal supervision, taking full ownership of the Edge Defense product lifecycle., * Demonstrated ability to mentor colleagues with less experience and provide guidance on cybersecurity best practices and analysis techniques
• Strong facilitation, communication, and conflict resolution skills to ensure alignment across multiple product squads and complex stakeholder networks
• Demonstrated interpersonal, collaborative and commitment to operational excellence skills.

A healthier future drives us to innovate. Together, more than 100'000 employees across the globe are dedicated to advance science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let's build a healthier future, together. Roche is an Equal Opportunity Employer.