CyberSecurity Architect

Thermo Fisher Scientific

Remote
Posted on Jan 9, 2026

Work Schedule

Standard (Mon-Fri)

Environmental Conditions

Office

Job Description

As part of the Thermo Fisher Scientific team, you’ll discover meaningful work that makes a positive impact on a global scale. Join our colleagues in bringing our Mission to life every single day to enable our customers to make the world healthier, cleaner and safer. We provide our global teams with the resources needed to achieve individual career goals while helping to take science a step beyond by developing solutions for some of the world’s toughest challenges, like protecting the environment, making sure our food is safe or helping find cures for cancer.

Key Responsibilities

Product & Platform Security Architecture

  • Define cybersecurity architecture for scientific instruments, embedded systems, and connected applications across Android, Debian, Java/C++, and Eclipse RCP platforms.

  • Design secure architectures for desktop analysis applications (Java-based, Swing, RCP, and modern web-stack front ends).

  • Architect secure cloud infrastructure and applications in AWS, aligning with AWS Well-Architected Framework and healthcare/clinical data protection requirements.

  • Establish threat models and security controls for interconnected lab ecosystems (in support of the lab of the future), including ingestion pipelines, assay workflows, and instrument-to-cloud communication.

Regulatory & Standards Compliance (Dx + Global)

  • Lead cybersecurity compliance strategy for regulated diagnostic products, ensuring alignment with:
      • FDA Premarket Cybersecurity Guidance & 21 CFR 820
      • IVDR Annex I and MDCG cybersecurity expectations
      • NMPA cybersecurity and data protection requirements
      • EU Cyber Resilience Act (CRA) obligations
      • SBOM/Software Lifecycle requirements (FDA, CRA)

  • Support RUO, Clinical Laboratory, and LDT workflows with appropriate risk-based security controls.

  • Ensure alignment with global standards: ISO 14971, 13485, 27001/27002, 62304, 81001-5-1, UL 2900, and OWASP MAS/ASVS.

Secure Software Development Lifecycle (SSDLC)

  • Define and maintain secure coding and review practices for Java, C++, Python, and front-end frameworks.

  • Lead integration of Static Application Security Testing, Software Composition Analysis, IaC scanning, container security, and SBOM generation into CI/CD pipelines.

  • Guide engineering teams on secure-by-design patterns, secret management, secure comms, and secure data flows.

Threat Modeling, Risk Assessment & Vulnerability Management

  • Own threat modeling (STRIDE, attack trees, misuse cases) for instrument firmware, embedded OS, desktop clients, and cloud services.

  • Define vulnerability management processes across on-premise and cloud deployments.

  • Ensure secure configuration baselines for Android and Debian-based instruments.

  • Partner with product security teams to evaluate zero-day impact, develop mitigations, and coordinate disclosures where required.

Cloud, Connectivity & Data Protection

  • Architect secure connectivity between instruments, desktop clients, and cloud systems, including TLS, mutual authentication, key rotation, and certificate management.

  • Oversee data privacy and protection controls (PII, PHI, genomic and assay-derived data) in compliance with HIPAA, GDPR, and global equivalents.

  • Ensure secure API design, identity & access management, least-privilege role models, and zero-trust principles in AWS.

Cross-Functional Leadership

  • Collaborate with system architects, R&D teams, product owners, CIS, and regulatory/quality teams to ensure all products meet security and regulatory expectations.

  • Contribute cybersecurity requirements to PRDs, system architecture, and risk files.

  • Serve as the technical lead during regulatory submissions and audits (FDA, EU Notified Bodies, NMPA).

  • Champion security culture through training, secure design reviews, and best-practice guidance.