At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters.
The Position
The Network Security product makes Roche’s connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche’s network security posture.
You’ll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions—designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection, Site-to-Site Connectivity (VPN), Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape.
As the Subject Matter Expert (SME) for Network Security, you will lead the Design, Build, and Improvement of critical security infrastructures, specifically focusing on Cisco ISE, Wired Access Control (WAC), and Palo Alto Networks. This is a dual-impact role: you are the technical authority for the secure access layer, while simultaneously leading the engineering of a custom observability framework. You will develop the front-end, back-end, and integration logic required to provide deep visibility into the security product health and asset inventory.
Job Responsibilities
1. SME: Secure Access (ISE, WAC, Palo Alto)
Design & Architecture: Lead the high-level and low-level design (HLD/LLD) for global Cisco ISE deployments and Wired Access Control (WAC) strategies to ensure seamless, identity-based security.
Palo Alto SME: Serve as the primary engineer for Palo Alto NGFW architectures, including advanced threat prevention, decryption, and secure egress/ingress traffic management.
Continuous Improvement: Proactively identify gaps in the current security posture and implement technical enhancements to NAC policies, SGT (TrustSec) propagation, and firewall rule-sets.
Build & Implementation: Act as the lead "implementer" for complex global migrations and new feature rollouts across the network security stack.
2. Observability Framework Engineering
Full-Stack Development: Architect and develop a custom framework (front-end and back-end) to provide a "single pane of glass" for infrastructure health.
Inventory & Integration: Build automated integrations with external data sources (CMDB, IPAM, etc.) to maintain a real-time, dynamic inventory of all network assets and security nodes.
Telemetry Logic: Design custom logic to ingest and visualize telemetry from ISE, WAC, and Palo Alto using APIs, SNMP, and Syslog.
3. Operational Excellence & Visibility
Technical Subject Matter Expertise: Serve as the lead engineer for complex network security escalations, providing root-cause analysis and implementing long-term, automated architectural fixes.
Security Observability: Develop dashboards and reporting to provide real-time visibility into the "connected landscape," identifying insecure nodes or unauthorized devices before they can affect the network.
Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.
Self-Service & Enablement: Design and build self-service capabilities that empower internal teams to consume network security controls autonomously and securely.
A healthier future drives us to innovate. Together, more than 100’000 employees across the globe are dedicated to advancing science, ensuring everyone has access to healthcare today and for generations to come. Our efforts result in more than 26 million people treated with our medicines and over 30 billion tests conducted using our Diagnostics products. We empower each other to explore new possibilities, foster creativity, and keep our ambitions high, so we can deliver life-changing healthcare solutions that make a global impact. Let’s build a healthier future, together. Roche is an Equal Opportunity Employer.