Staff Engineer, Software
thermofisher
Job Description
-
Design, implement, and maintain secure CI/CD pipelines using Jenkins and GitLab, ensuring integration of security controls throughout the software delivery lifecycle
-
Implement and manage automated SBOM generation (CycloneDX, SPDX) within CI/CD pipelines, ensuring accuracy and completeness of metadata
-
Integrate SBOM data with vulnerability management platforms (e.g., Dependency-Track) to enable continuous monitoring of third-party risks
-
Support compliance with cybersecurity regulations and standards (including Executive Order 14028), translating requirements into enforceable technical controls and preparation for EU CRA.
-
Implement and manage vulnerability tracking and remediation workflows using tools such as DefectDojo
-
Establish and enforce software supply chain security practices, including governance of third-party and open-source components
-
Manage and maintain artifact repositories, ensuring proper classification of internal vs. external packages and secure usage of package sources (NuGet, Conan, Sky)
-
Implement and enforce software license compliance, including automated license scanning and validation using SPDX identifiers
-
Design and maintain secure, isolated, or controlled build environments to ensure integrity of the software build process
-
Integrate static code analysis and security scanning tools (e.g.,SonarQube, TICS and CodeQL) into CI/CD pipelines
-
Develop and maintain automation scripts (Python, PowerShell) to support security processes and pipeline efficiency
-
Secure containerized environments (Docker, Kubernetes), including image hardening, access control (RBAC), and vulnerability scanning
-
Collaborate with infrastructure teams to ensure VMware environments are hardened and aligned with security best practices
-
Apply Secure Software Development Lifecycle (SSDLC) practices across development teams, embedding security early in the process
-
Define, implement, and enforce security policies, standards, and compliance controls across development and DevOps workflows
-
Collaborate closely with development, QA, and DevOps teams to remediate vulnerabilities and improve secure coding practices
-
Support audit and compliance activities by maintaining documentation, traceability, and evidence in tools such as Confluence
-
Proven experience in supporting teams performing OWASP threat modeling
-
Participate in Agile processes using Jira, contributing to sprint planning, backlog refinement, and continuous improvement initiatives
-
Work within Scrum, Kanban, and scaled Agile (ART) environments, collaborating with cross-ART teams to align on shared security practices
-
Perform risk assessments and proactively identify security gaps, proposing and implementing mitigation strategies
-
Continuously improve DevSecOps tooling, processes, and practices to enhance security posture without impacting delivery speed
Requirements:
The ideal candidate combines strong DevOps expertise with deep knowledge of application security,
software supply chain security, and regulatory compliance, and thrives in complex, highly regulated environments.
-
University degree in Computer Science, Cybersecurity, Software Engineering, or a related technical discipline
-
8+ years of Strong experience designing, implementing, and maintaining secure CI/CD pipelines using Jenkins and GitLab
-
Mandatory hands-on experience implementing Software Bill of Materials (SBOM) generation within CI/CD pipelines (CycloneDX, SPDX formats), including metadata collection and validation
-
Experience integrating SBOMs with vulnerability management platforms such as Dependency-Track or equivalent tools
-
H