Senior Cybersecurity Engineer

Roche
yesterday

Role details

Contract type: Permanent contract
Employment type: Full-time (> 32 hours)
Working hours: Regular working hours
Languages: English
Experience level: Senior

Job location

Remote

Tech stack

API
Bash
Border Gateway Protocol
Profiling
Computer Security
GitHub
Intrusion Detection and Prevention
Python
Network Security
Routing
Network Segmentation
Network Virtualization
Open Shortest Path First
Public Key Infrastructure
PowerShell
Ansible
Software Engineering
Terminal Access Controller Access-Control System (TACACS)
Virtual Local Area Networks
Scripting (Bash/Python/Go/Ruby)
Transport Layer Security
Identity Services Engine
Network Access Control
Firewalls (Computer Science)
GitLab
Infrastructure Automation Frameworks
Information Technology
API Design
REST
Terraform
API Management

Job description

provide a seamless authentication flow.
  • Architect highly available authentication services supporting Roche's global workforce.

Network Access Control (NAC) and Segmentation
  • Manage Cisco ISE deployments, including upgrades, capacity planning, and optimization.
  • Develop endpoint profiling techniques to secure corporate, medical, and IoT devices.
  • Implement access control mechanisms such as Dot1x, MAB, Guest Access, and posture-based authorization.
  • Design and oversee TrustSec and SGT-based micro-segmentation.

Operational Excellence and Automation
  • Escalate and analyze complex incidents to prevent recurrence.
  • Maintain observability, monitoring, and reporting dashboards.
  • Apply IaC principles and security automation to improve deployment speed and consistency.
  • Build and optimize API-driven integrations and self-service capabilities.

Global Operations
  • Ensure secure connectivity for thousands of endpoints across global regions.
  • Collaborate with distributed

Requirements

product squads and stakeholders to deliver integrated security solutions.

Qualifications

Education / Experience
  • Bachelor's degree in Computer Science, Software Engineering, Information Security, or a related technical field.
  • 5+ years of hands-on experience designing, implementing, and managing enterprise-grade NAC solutions, especially Cisco ISE.
  • Proven experience deploying and configuring Palo Alto NGFWs, including SSL decryption and threat prevention.
  • Experience managing security controls in large, global environments with diverse device profiles (IoT, medical, corporate).
  • Experience in highly regulated industries such as Pharmaceuticals, Healthcare, or Finance is a significant plus.

Technical Skills
  • Expert knowledge of Cisco ISE, TrustSec, Dot1x, MAB, profiling, guest portals, REST APIs, complex enterprise policies, EAP-TLS, EAP-TEAP, RADIUS, TACACS+.
  • Strong understanding of PKI and certificate lifecycle management.
  • Proficiency in network virtualization and segmentation techniques (TrustSec, SGTs, VRFs).
  • Experience troubleshooting Palo Alto Firewalls in HA environments.
  • Architectural mindset: design Defense in Depth flows that connect device identity to granular network permissions.

Automation and Engineering
  • Proficiency with Ansible/Terraform, Python, and IaC tools for managing network security infrastructure.
  • Build CI/CD pipelines with GitLab/GitHub and automate workflows across security platforms.
  • Strong scripting skills in Python, PowerShell, or Bash.

Enterprise Networking
  • Solid foundation in L2/L3 networking, routing protocols (BGP, OSPF), and switching (VLANs, VXLAN).

Leadership and Communication
  • Excellent stakeholder management and communication skills.
  • Ability to mentor junior engineers and drive operational excellence.
  • Strong facilitation, conflict resolution, and collaboration skills.

Desirable Skills
  • Terraform, GitHub for IaC; network security automation through APIs.

  • Experience building self-service tools and custom API integrations between security platforms.

Equal Opportunity Employer

Roche is an Equal Opportunity Employer. We believe it's urgent to deliver medical solutions right now - even as we develop innovations for the future. We are passionate about transforming patients' lives, courageous in both decision and action, and committed to scientific rigor, ethics, and access to medical innovations for all.

About the company

Senior Cybersecurity Engineer (Network Security)

The Network Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The role focuses on designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based.

Responsibilities

Product Ownership and Technical Leadership
  • Act as the primary SME for Secure Access technologies and evaluate emerging tools.
  • Drive the long-term technical roadmap for network access aligned with Roche's Zero Trust strategy.
  • Partner with business units to translate high-level security requirements into actionable, scalable initiatives and policies.
  • Mentor junior engineers and foster continuous learning.

Identity-Based Access and Authentication
  • Design, deploy, and maintain authentication solutions using protocols such as 802.1X, EAP-TLS, EAP-TEAP, RADIUS, TACACS+, SAML, and MFA.
  • Integrate security platforms with enterprise IdPs to
