T

Staff Engineer, Software

Thermo Fisher · Hyderabad, India

~₹45L (est.)10–20 yrs experiencePosted 1w ago
Apply now →

Job description

Work Schedule First Shift (Days) Environmental Conditions Office Job Description Thermo Fisher Scientific Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands – Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services – we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services    The Position  We are seeking a DevSecOps Engineer to integrate security practices into our DevOps processes, ensuring that applications and infrastructure are secure by design. This role focuses on embedding security controls across the CI/CD pipeline, enabling secure software delivery while maintaining development velocity.  You will work closely with development, QA, DevOps, and security teams to identify risks, implement automated security checks, and enforce best practices across the software development lifecycle. The role requires a proactive mindset to continuously improve security posture in complex, distributed environments      Key responsibilities include, but are not exclusively:  • Design, implement, and maintain secure CI/CD pipelines using Jenkins and GitLab, ensuring integration of security controls throughout the software delivery lifecycle  • Implement and manage automated SBOM generation (CycloneDX, SPDX) within CI/CD pipelines, ensuring accuracy and completeness of metadata  • Integrate SBOM data with vulnerability management platforms (e.g., Dependency-Track) to enable continuous monitoring of third-party risks  • Support compliance with cybersecurity regulations and standards (including Executive Order 14028), translating requirements into enforceable technical controls and preparation for EU CRA.  • Implement and manage vulnerability tracking and remediation workflows using tools such as DefectDojo  • Establish and enforce software supply chain security practices, including governance of third-party and open-source components  • Manage and maintain artifact repositories, ensuring proper classification of internal vs. external packages and secure usage of package sources (NuGet, Conan, Sky)  • Implement and enforce software license compliance, including automated license scanning and validation using SPDX identifiers  • Design and maintain secure, isolated, or controlled build environments to ensure integrity of the software build process  • Integrate static code analysis and security scanning tools (e.g.,SonarQube, TICS and CodeQL) into CI/CD pipelines  • Develop and maintain automation scripts (Python, PowerShell) to support security processes and pipeline efficiency  • Secure containerized environments (Docker, Kubernetes), including image hardening, access control (RBAC), and vulnerability scanning  • Collaborate with infrastructure teams to ensure VMware environments are hardened and aligned with security best practices  • Apply Secure Software Development Lifecycle (SSDLC) practices across development teams, embedding security early in the process  • Define, implement, and enforce security pol