Life Science Jobs in India - Find Pharma, Biotech, Clinical Research & Medical Jobs
Thermo Fisher Scientific logo

Staff Engineer, Software

Hyderabad, TG 8+ year

Job Description

Work Schedule

First Shift (Days)

Environmental Conditions

Office

Job Description

ThermoFisher Scientific Inc. (NYSE: TMO) is the world leader in serving science, withrevenues of more than$20 billionand approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier,cleanerand safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines tomarketand increase laboratory productivity. Through our premier brands –ThermoScientific, Applied Biosystems, Invitrogen, FisherScientificand Unity Lab Services – we offer an unmatched combination of innovative technologies,purchasingconvenience and comprehensive services

The Position

We are seeking aDevSecOpsEngineer to integrate security practices into our DevOps processes, ensuring that applications and infrastructure are secure by design. This role focuses on embedding security controls across the CI/CD pipeline, enabling secure software delivery whilemaintainingdevelopment velocity.

You will work closely with development, QA, DevOps, and security teams toidentifyrisks, implement automated security checks, and enforce best practices across the software development lifecycle. The role requires a proactive mindset to continuously improve security posture in complex, distributed environments

Key responsibilitiesinclude, but are not exclusively:

  • Design, implement, and maintain secure CI/CD pipelines using Jenkins and GitLab, ensuring integration of security controls throughout the software delivery lifecycle

  • Implement and manage automated SBOM generation (CycloneDX, SPDX) within CI/CD pipelines, ensuring accuracy and completeness of metadata

  • Integrate SBOM data with vulnerability management platforms (e.g., Dependency-Track) to enable continuous monitoring of third-party risks

  • Support compliance with cybersecurity regulations and standards (including Executive Order 14028), translating requirements into enforceable technical controlsandpreparation for EU CRA.

  • Implement and manage vulnerability tracking and remediation workflows using tools such asDefectDojo

  • Establish and enforce software supply chain security practices, including governance of third-party and open-source components

  • Manage andmaintainartifact repositories, ensuring proper classification of internal vs. external packages and secure usage of package sources (NuGet, Conan, Sky)

  • Implement and enforce software license compliance, including automated license scanning and validation using SPDX identifiers

  • Design andmaintainsecure, isolated, or controlled build environments to ensure integrity of the software build process

  • Integrate static code analysis and security scanning tools (e.g.,SonarQube, TICSandCodeQL) into CI/CD pipelines

  • Develop andmaintainautomation scripts (Python, PowerShell) to support security processes and pipeline efficiency

  • Secure containerized environments (Docker, Kubernetes), including image hardening, access control (RBAC), and vulnerability scanning

  • Collaborate with infrastructure teams to ensure VMware environments are hardened and aligned with security best practices

  • Apply Secure Software Development Lifecycle (SSDLC) practices across development teams, embedding security early in the process

  • Define, implement, and enforce security policies, standards, and compliance controls across development and DevOps workflows

  • Collaborate closely with development, QA, and DevOps teams to remediate vulnerabilities and improve secure coding practices

  • Support audit and compliance activities bymaintainingdocumentation, traceability, and evidence in tools such as Confluence

  • Proven experience in supporting teams performing OWASP threat modeling

  • Participate in Agile processes using Jira, contributing to sprint planning, backlog refinement, and continuous improvement initiatives

  • Work within Scrum, Kanban, and scaled Agile (ART) environments, collaborating with cross-ART teams to align on shared security practices

  • Perform risk assessments and proactivelyidentifysecurity gaps, proposing and implementing mitigation strategies

  • Continuously improveDevSecOpstooling, processes, and practices to enhance security posture withoutimpactingdelivery speed

Requirements:

The ideal candidate combines strong DevOpsexpertisewith deep knowledge of application security,

softwaresupply chainsecurity, andregulatory compliance, and thrives in complex, highly regulated environments.

  • University degree in Computer Science, Cybersecurity, Software Engineering, or a related technical discipline

  • 8+ years ofStrong experience designing, implementing, and maintaining secure CI/CD pipelines using Jenkins and GitLab

  • Mandatory hands-on experience implementing Software Bill of Materials (SBOM) generation within CI/CD pipelines (CycloneDX, SPDX formats), including metadata collection and validation

  • Experience integrating SBOMs with vulnerability management platforms such as Dependency-Track or equivalent tools

  • Hands-on experience with vulnerability management and tracking tools (e.g.,DefectDojoor similar), including remediation workflows

  • Strong understanding of software supply chain security, including governance of third-party and open-source components

  • Experience managing artifact repositories and package ecosystems, including NuGet, Conan, and internal repositories (e.g., Sky), with clear understanding of internal vs. external package classification

  • Strong knowledge of software license management, SPDX license identifiers, and automated license compliance enforcement

  • Experience integrating static code analysis and security scanning tools (e.g., SonarQube, TICS,CodeQL) into CI/CD pipelines

  • Hands-on experience designing andmaintainingsecure, isolated, or controlled build environments

  • Strong scripting and automation skills using Python and/or PowerShell

  • Experience securing containerized environments using Docker and Kubernetes, including image hardening, RBAC, and vulnerability scanning

  • Strong understanding of VMware infrastructure security and system hardening best practices

  • Solid understanding and practical application of Secure Software Development Lifecycle (SSDLC) principles

  • Experience defining, implementing, and enforcing security policies, standards, and compliance controls across development and DevOps processes

  • Experience supporting compliance with cybersecurity regulations and standards (e.g., Executive Order 14028, EU Cyber Resilience Act) and translating them into technical implementations

  • Familiarity with OWASP practices, including supporting or contributing to threat modeling activities

  • Experience working in audit-driven and regulated environments, with ability to produce documentation, traceability, and compliance evidence (e.g., via Confluence)

  • Experience working in Agile environments using Jira, including Scrum, Kanban, and scaled Agile frameworks (ART)

  • Strong analytical, risk assessment, and problem-solving skills, with the ability toidentifyvulnerabilities and propose effective mitigation strategies

  • Proven ability to collaborate effectively with development, QA, DevOps, and infrastructure teams to drive secure development practices

  • Strong communicationskills, with the ability to translate security and regulatory requirements into actionable technical solutions

  • Fluent in English (B2 level or higher)