Staff Engineer – Microscope IT Infrastructure

Work Schedule

Environmental Conditions

Job Description

When you join us at Thermo Fisher Scientific, you’ll become a member of a hard-working, motivated team that aligns with your enthusiasm for exploration and discovery. With revenues exceeding $40 billion and the largest investment in R&D in the industry, we provide our people with resources and opportunities to make significant contributions to the world.

How will you make an impact?

Customer expectations in microscopy are evolving rapidly driving the need to modernize the Microscope IT landscape across compute performance, communication, peripheral integration, and software tooling, while also strengthening core requirements such as cybersecurity, software deployment, and secure remote access/operation.

As a Technical Lead (10–15 years), you will own delivery of IT and cybersecurity capabilities for IT-managed endpoint platforms by defining secure OS baselines, governing OS lifecycle and patch readiness, and ensuring reliable operation within enterprise networking and remote operating models. You will translate security requirements into implementable controls, maintain cybersecurity plans and reusable scripts per release, and drive cross-functional execution with Security, Infrastructure, suppliers, and support teams—emphasizing automation-first implementation, resilience (backup/restore), and strong documentation/traceability.

What will you do?

• Define and maintain secure OS baselines (Windows and Linux) and configuration standards; validate compliance and manage justified exceptions.
• Own OS lifecycle and patch readiness requirements, ensuring vendor support alignment and release documentation is accurate.
• Create, execute, and maintain cybersecurity plans and reusable scripts to support each new software/OS release.
• Investigate new security requirements and map them to platform components; implement changes and coordinate cross-repo deliveries.
• Establish standards for endpoint integration with networking dependencies (segmentation, DNS/DHCP, firewall/switching/routing patterns).
• Experience with virtualization and/or containerization.
• Own remote operating enablement (e.g., KVM/hand panels), including secure access patterns and operational playbooks.
• Define and validate backup/restore and recovery workflows; ensure procedures are tested, documented, and supportable.
• Develop and maintain PowerShell automation, validation checks, and auditable reporting to reduce manual effort and improve consistency.

Desired Skills

• Strong OS baseline/hardening experience, including evidence generation and exception governance (e.g., benchmark alignment).
• Advanced PowerShell automation (modular scripting, robust error handling, safe execution patterns).
• Strong Windows and Linux fundamentals for endpoint environments (configuration, troubleshooting, lifecycle awareness).
• Ability to produce and execute cybersecurity test plans/scripts and integrate them into release readiness workflows.
• Strong troubleshooting skills, ownership mindset, and effective cross-functional communication.
• Experience with (implementing) Agile way of working is preferable.

Preferred Qualifications

• 10–15 years of experience in endpoint/platform engineering, infrastructure security, OS deployment/hardening, or enterprise automation roles.
• BTech degree in Computer Science, Electronics, or a related technical field (or equivalent practical experience).
• Experience operating in regulated or security-focused environments require auditability and traceability.