Sr. Network Security Architect

at  Thermo Fisher Scientific

When you join us at Thermo Fisher Scientific, you’ll be part of an inquisitive team that shares your passion for exploration and discovery. With revenues of more than $40 billion and the largest investment in R&D in the industry, we give our people the resources and chances to create significant contributions to the world.
Job Title: Sr. Network Security Architect
Location/Division Specific Information:
This position is in the Cybersecurity Architecture team within Corporate Infrastructure & Security (CIS).
How will you make an impact?
As a Sr. Network Security Architect, you’ll be a part of our global Cybersecurity Architecture team and responsible for the overall design and development of Thermo Fisher’s network security posture, solutions, architecture, and automation. You’ll also get to work with various technical teams and projects to ensure security best practices and standards are followed appropriately.

What will you do?

• Meet with various stakeholders to understand their business needs and steer decisions to ensure appropriate levels of security for new solutions and designs for both IT and OT environments.
• Take an active role in improving the way network security controls are used and operated within the company; create reusable designs and standards for security control constraints, ensure devices support the appropriate functionality, and that the standards are well understood across the different technical teams.
• Test and develop new solutions, including solutions from various vendors, building custom automations, and pushing the boundaries of existing technologies as necessary.
• Ensure network security solutions provide the appropriate level of visibility into traffic flows and security related events and that information is actionable. Develop workbooks and automations around events where needed.
• Be a key player in building the company’s next generation Internet Access and Remote Access solutions, including Zero Trust Network Access.
• Ensure configuration standards are followed by building automatic policy validation and enforcement pipelines together with other architects and engineers.
• Lead related implementation and improvement projects when necessary.

How will you get here?

• Bachelor’s Degree in cybersecurity, computer science, or related field preferred. Candidates with equivalent work experience will be considered.
• Professional certifications not required, but encouraged: CISSP, or other security-related certifications considered a plus.
• 7+ years of technical hands-on experience with networking and network security solutions within large complex multivendor environments. Working knowledge of other IT functional areas such as cloud environments, operating systems, active directory, encryption, and endpoint management.
• Hands-on experience with automation and software development. Ability to design automated processes and to provide hands-on leadership with implementation strongly desired.
• Practical experience with solutions from vendors such as Fortinet, Palo Alto, F5, Cisco, Splunk and with open-source platforms such as StackStorm.
• Familiarity and hands-on experience with various areas of network security, such as NGFWs, IDS/IPS, WAFs, SSE/SASE, SWG, CASB, DLP and ZTNA.
• Experience with OT environments and domain specific protocols such as Modbus, EtherCAT and BACnet.
• Ability to explain technical details to IT and business leadership with a focus on encouraging technical changes or investment where appropriate.
• Proactively communicate and collaborate with the business on maintaining our security posture.

Knowledge, Skills, Abilities

• Strong proactive analytical and problem-solving skills in both ambiguous and tactical situations with a bias for action.
• Ability to have difficult discussions and “push back” when needed.
• Excellent written and verbal communication skills.
• Dedication to excellence, high-quality standards, and attention to detail.

• Meet with various stakeholders to understand their business needs and steer decisions to ensure appropriate levels of security for new solutions and designs for both IT and OT environments.
• Take an active role in improving the way network security controls are used and operated within the company; create reusable designs and standards for security control constraints, ensure devices support the appropriate functionality, and that the standards are well understood across the different technical teams.
• Test and develop new solutions, including solutions from various vendors, building custom automations, and pushing the boundaries of existing technologies as necessary.
• Ensure network security solutions provide the appropriate level of visibility into traffic flows and security related events and that information is actionable. Develop workbooks and automations around events where needed.
• Be a key player in building the company’s next generation Internet Access and Remote Access solutions, including Zero Trust Network Access.
• Ensure configuration standards are followed by building automatic policy validation and enforcement pipelines together with other architects and engineers.
• Lead related implementation and improvement projects when necessary