Cybersecurity Engineer for Edge Defense (Cloud)

Responsibilities

• Architecture & Design
• Multi-Cloud Infrastructure Design: Design and develop robust cloud network infrastructure across AWS, GCP, and Azure, leveraging Palo Alto instances as the central solution for deep traffic inspection.
• Solution Blueprints: Create detailed cloud network diagrams, design documents, and implementation plans for new cloud-native and hybrid security architectures.
• Architectural Collaboration: Partner closely with network and cloud architects to integrate firewall solutions seamlessly into the existing global network fabric.
• Product Lifecycle & Evolution
• Advanced Palo Alto Engineering: Execute advanced configuration and management of Palo Alto solutions (VM-Series, Panorama), including complex upgrades and migrations in production environments.
• Cloud Programming: Leverage a deep understanding of cloud vendor network infrastructures to configure, program, and deploy security solutions via automated pipelines.
• Feature Enforcement: Implement and manage App-ID, User-ID, WildFire, Threat Prevention, SSL Decryption, and GlobalProtect to enforce a Zero Trust posture.
• Operational Excellence & Visibility
• Technical Subject Matter Expertise: Troubleshoot complex network and security issues related to cloud-native routing, load balancing, and firewall inspection within multi-cloud environments.
• Automation & Orchestration: Manage security policies as code while continuously improving automation workflows and cross-platform orchestration to eliminate manual friction, reduce operational overhead, and ensure consistent, high-speed security enforcement.
• Continuous Evolution: Stay current with emerging threats, cloud-specific vulnerabilities, and evolving security technologies to proactively refine our defense-in-depth strategy.
• On-Call Readiness: Available for on-call support on a rotating schedule to ensure the continuous availability and integrity of global edge security services.

Requirements

• Education / Experience
• Educational Background: Bachelor's degree in Computer Science , Software Engineering , Information Security , or a related technical field.
• Cloud Security Expertise: Proven track record of implementing network security controls in at least two major cloud providers (AWS, Azure, or GCP).
• Security Foundation: 3+ years of experience in designing, deploying, and supporting Next-Generation Firewalls (NGFW) with a strong networking background.
• Perimeter & Inspection Expertise: Proven track record in configuring and maintaining Palo Alto Next-Generation Firewalls (NGFW) , including TLS inspection, User identification, WildFire, Threat Prevention, URL Filtering and GlobalProt

Benefits

Additional Information

At Roche you can show up as yourself, embraced for the unique qualities you bring. Our culture encourages personal expression, open dialogue, and genuine connections, where you are valued, accepted and respected for who you are, allowing you to thrive both personally and professionally. This is how we aim to prevent, stop and cure diseases and ensure everyone has access to healthcare today and for generations to come. Join Roche, where every voice matters. The Position The Network Security product makes Roche's connectivity accessible and secure through actionable, policy-driven processes. The capabilities we provide enable Roche to identify, inspect, and mitigate network-based risks, manage regulatory compliance, and oversee egress/ingress traffic across all layers. Our solutions are primarily instantiated through leading-edge security platforms and automated orchestration. We work closely with Cloud, Infrastructure, and Incident Response teams to provide enterprise visibility into Roche's network security posture. You'll be working within the Network Security Product area. This area is accountable for the end-to-end delivery of solutions-designing, building, and maintaining the technologies that protect Roche networks and the Internet, whether on-prem or cloud-based. This includes continuous improvement of capabilities like Internet Security Stack, DDoS Protection , Site-to-Site Connectivity (VPN) , Network Access Control and Deep Packet Inspection to stay ahead of an ever-evolving threat landscape. As a Cybersecurity Engineer for Cloud & Edge Defense, you will be the primary architect and engineer responsible for the security of our global digital boundaries and multi-cloud ecosystems. Your mission is to secure our "front door" by designing and implementing high-performance traffic inspection solutions across AWS, GCP, and Azure using Palo Alto VM-Series as the central pillar. This is a technical "implementer" role where you will architect, design, build, and operate cloud network security infrastructure . You will bridge the gap between traditional network security and cloud-native architectures, leveraging Terraform and Python to deploy security as code. Your goal is to ensure that our global cloud expansion remains resilient, compliant, and protected against machine-speed threats.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Roche? Share your experience