JOB DESCRIPTION

As part of the Thermo Fisher Scientific team, you’ll discover meaningful work that makes a positive impact on a global scale. Join our colleagues in bringing our Mission to life every single day to enable our customers to make the world healthier, cleaner and safer. We provide our global teams with the resources needed to achieve individual career goals while helping to take science a step beyond by developing solutions for some of the world’s toughest challenges, like protecting the environment, making sure our food is safe or helping find cures for cancer.

EDUCATION

Bachelor’s or Master’s degree in Computer Science, Information Security, or a related field. Professional security certifications (e.g., CISSP, CISM, CSSLP) are highly desirable.

EXPERIENCE

• Demonstrated ability in a software security role with hands-on experience in security architecture design and implementation
• Deep knowledge of security principles, technologies, and frameworks (e.g., OWASP, SANS)
• Hands-on experience with programming languages used in the organization, e.g. .NET, Go, JavaScript
• Expert knowledge about architectural principles, practices, and approaches, such as microservices
• Strong cloud knowledge, especially AWS, and secondarily Azure
• Deep understanding of operating systems and deployment technologies, including Kubernetes, Linux, NGINX, Docker, etc.
• Experience with data infrastructure technologies like databases, message brokers, and distributed caches, e.g. PostgreSQL, RabbitMQ, Redis
• Familiarity with communication methodologies, including REST, gRPC, Web Sockets, SSE, and Webhooks
• Strong analytical and problem-solving skills, with the ability to perform comprehensive security assessments and make well-informed decisions
• Experience in working in agile environment

KNOWLEDGE, SKILLS, ABILITIES

• Excellent verbal and written communication skills effectively articulate security needs and strategies to both technical and non-technical collaborators and partners
• Ability to lead and inspire a team. Strong project management and organizational skills
• Ability to work with customers and their IT representatives

Security Framework Development: Develop, maintain, and improve a comprehensive security methodology for all software engineering projects, ensuring alignment with industry standards.
Threat Modeling & Risk Assessment: Perform threat modeling and risk assessments for software architectures, identifying potential vulnerabilities and devising strategies to mitigate risks.
Security Guidelines & Standards: Establish and enforce security guidelines, standards, and policies to be followed throughout the software development process.
Collaboration & Guidance: Work closely with development teams to integrate security considerations into the software design and development processes. Provide expert mentorship on secure coding practices and vulnerability remediation.
Security Tools & Technologies: Evaluate, recommend, and implement security tools and technologies to improve the security posture of software solutions.
Incident Response: Participate in the development and execution of incident response plans, including conducting post-mortem analysis and implementing corrective actions to prevent future occurrences.
Compliance & Certification: Ensure that software solutions align with relevant regulatory and compliance requirements. Assist in the preparation for and management of audits and certifications.
Awareness & Training: Promote security awareness among development teams and collaborators. Conduct regular training sessions on standard methodologies and emerging threats.
Continuous Improvement: Continuously monitor the security landscape for emerging threats and vulnerabilities. Recommend and implement improvements to security policies, procedures, and controls.