Not quite sure what you are trying to accomplish, but the role security model is hardcoded in spring-surf/spring webscripts. There is guest, user and admin. If what you want is another analogous role you’ll have to hack the spring-surf libaries, namely:

org/springframework/extensions/surf/mvc/PageView.java
org/springframework/extensions/webscripts/ScriptUser.java
org/springframework/extensions/webscripts/Description.java
org/springframework/extensions/webscripts/connector/User.java

This is what I had to do to implement user.isEmployee. This approach allows you to literally treat your new role just as the others.

you can use

<authentication>employee</authentication>

in page descriptors or

<item type="link" permission="employee" id="people">/people-finder</item>

on the navigation.

Just checking whether the user is in a certain group in a certain webscript is a whole diffrent story and does not provide the same functionality.

If what you want is the latter, you should make a call to

/alfresco/service/api/groups/{shortName}

miss
and works through the response.

Update: The item permission attribute requires a little more tweaking.
In header.get.js, propagate the new role to it gets processed properly in header.inc.ftl:

model.permissions =
{
    guest: user.isGuest,
    admin: user.isAdmin,
    employee : user.isEmployee
};