Job Description
Work Schedule: Standard (Mon-Fri)
Environmental Conditions: Office
Thermo Fisher Scientific is the world leader in serving science, with a mission to enable our customers to make the world healthier, cleaner, and safer. Within Thermo Fisher, the Material and Structural Analysis Division (MSD) develops and manufactures high-tech analytical instruments that support groundbreaking discoveries in materials science, life sciences, and semiconductor industries. At our Eindhoven site, we design and build advanced systems in a high-tech manufacturing environment.
The Services Security Architect is responsible for defining and driving the security architecture strategy for our services. This role establishes security standards, governance processes, and secure-by-design practices that become embedded in our way of working. As the security architecture authority, you will guide teams to deliver scalable, compliant, and resilient services while enabling innovation.
Security Strategy & Roadmap - Lead the strategy and roadmap on:
- Define and maintain the security architecture vision and multi-year roadmap.
- Translate business objectives, risk posture, and regulatory obligations (EO 14028, CRA) into actionable security architecture initiatives.
- Embed secure-by-design, Zero Trust, and software supply chain security principles into business and product strategies.
- Align the security roadmap with digital transformation, cloud adoption, product innovation, and service modernization initiatives.
- Anticipate emerging threats and regulatory shifts to proactively evolve the security architecture.
Security Standards & Regulatory Alignment - Ensure standards and regulatory alignment on:
- Define, publish, and maintain security standards, architectural patterns, and design principles.
- Govern adoption of frameworks and regulatory standards, including US Executive Order 14028 (Improving the Nation's Cybersecurity, SBOM, logging, supply chain security), EU Cyber Resilience Act (secure product development, vulnerability management, incident reporting), ISO 27001 / 27002, CIS Controls and Zero Trust architecture principles, NIST CSF, NIST SP 800-53, NIST SSDF (800-218).
- Develop and maintain reference architectures across cloud environments, network and infrastructure, Identity & Access Management, application security and DevSecOps, software supply chain and SBOM integration, data protection and encryption, and digital services and connected product ecosystems.
Secure Design within the V-Model Lifecycle - Ensure security is systematically integrated across all phases of the V-Model:
- Define security requirements aligned to regulatory and architectural standards.
- Perform security architecture design and system decomposition.
- Conduct threat modeling and risk analysis during system and subsystem design.
- Define security verification criteria aligned to requirements.
- Align verification activities to documented security requirements.
- Define security testing strategies (penetration testing, unit, integration, system, acceptance levels).
- Validate implementation against architectural standards and regulatory controls.
- Ensure full traceability from requirement to validation evidence.
- Establish security architecture and review gates within the lifecycle.
- Ensure requirement traceability supports regulatory audits and certification efforts.
Service Innovation & Secure-by-Design Enablement:
- Enable secure service innovation by embedding security into the early ideation and service design phases.
- Partner with product management, digital innovation teams, and service engineering to design secure digital services, platforms, and connected solutions.
- Define secure architectural patterns for API ecosystems, data-driven services, cloud-native services, SaaS/PaaS integrations, connected devices and IoT environments (where applicable), and AI-related functionality.
- Ensure security is a business enabler rather than a blocker, balancing risk mitigation with speed of innovation.
- Evaluate new technologies and service models (e.g., AI/ML services, digital platforms, remote service capabilities) from a security architecture perspective.
- Support secure monetization models through identity, trust, and data protection mechanisms.
- Drive reusable secure service blueprints to accelerate compliant innovation.
Security Architecture Leadership & Enablement:
- Provide architectural leadership across security, engineering, infrastructure, digital and product teams.
- Provide technical leadership and guidance to architects and engineers.
- Establish and lead security architecture review and governance processes.
- Drive a culture of security-by-design and engineering accountability.
- Drive adoption of AI-enabled capabilities that improve engineering effectiveness, automation, and security maturity.
- Influence executive stakeholders on strategic security investments and risk posture.
- Act as the primary authority for architectural security decisions and exceptions.
- This role does not include direct personnel management responsibilities.
Governance, Risk & Compliance Integration:
- Define governance processes for architectural decisions and exceptions.
- Ensure architecture supports auditability and regulatory reporting (CRA, EO 14028).
- Oversee SBOM strategy and integration into CI/CD pipelines.
- Establish metrics and KPIs to measure architecture maturity and regulatory alignment.
- Support internal and external audits with clear documentation and traceability.
Security Tooling & Capability Ownership:
- Define and govern the security tooling strategy aligned with architectural standards.
- Evaluate, select, and rationalize tools supporting SBOM management, vulnerability management, Software Composition Analysis (SCA), SIEM and centralized logging, CSPM / cloud controls, and DevSecOps automation.
- Ensure integration, automation, and lifecycle management across the security stack, including the use of AI capabilities.
- Prevent tool sprawl and ensure cost-effective capability management.
Requirements:
Required Qualifications:
- Master's degree in Information Security, Computer Science, Engineering, or related field.
- 8–12+ years of cybersecurity experience, including architecture leadership roles.
- Demonstrated experience designing security architectures within a V-Model or regulated SDLC, aligning architecture to EO 14028 and CRA, supporting secure digital service or product innovation, and driving architectural direction across engineering and architecture teams.
- Deep understanding of secure software development, supply chain security, and Zero Trust.
- Strong process- and compliance-oriented thinking; digitally and technically savvy.
- Strategic mindset with strong interest in AI-enabled engineering and security capabilities.
- Passion for secure architecture, engineering excellence, and scalable service development.
- Experience working in complex, regulated enterprise environments.
Preferred Certifications:
- CISSP, CISM, CCSP, SABSA, TOGAF
- Cloud security certifications (AWS/Azure/GCP)
- Certifications aligned with NIST or ISO frameworks
- Proven equivalence to these certifications via on-the-job learning
Key Competencies:
- Strategic and innovative mindset
- Strong architectural governance discipline
- Leadership and influencing capability
- Secure system engineering expertise
- AI-first mindset
- Regulatory and risk awareness
- Ability to balance innovation with control
- Excellent stakeholder engagement and communication skills
Success Measures:
- Security architecture embedded across the V-Model lifecycle
- Demonstrable alignment with EO 14028 and CRA requirements
- Secure service innovation accelerated without increasing risk exposure
- Clear traceability from requirements to validation evidence
- Rationalized and scalable security ecosystem including automation
- Increased security maturity and capability development across engineering and digital teams in the service organization
What We Offer
At Thermo Fisher Scientific, you will find meaningful work that makes a difference. We provide opportunities for professional growth, a collaborative environment, and the chance to contribute to innovative, high-tech solutions that impact the world.
Apply now: http://jobs.thermofisher.com
Thermo Fisher Scientific does not discriminate based on race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or any other legally protected status.