Standard (Mon\-Fri)**Environmental Conditions**
Office**Job Description**
When you join us at Thermo Fisher Scientific, you’ll become a member of a hard\-working, motivated team that aligns with your enthusiasm for exploration and discovery. With revenues exceeding $40 billion and the largest investment in R\&D in the industry, we provide our people with resources and opportunities to make significant contributions to the world.
- *How will you make an impact?**
Customer expectations in **microscopy** are evolving rapidly driving the need to modernize the Microscope IT landscape across **compute performance, communication, peripheral integration, and software tooling**, while also strengthening core requirements such as **cybersecurity, software deployment, and secure remote access/operation**.
As a **Technical Lead (10–15 years)**, you will own delivery of IT and cybersecurity capabilities for IT\-managed endpoint platforms by defining **secure OS baselines**, governing **OS lifecycle and patch readiness**, and ensuring reliable operation within **enterprise networking** and remote operating models. You will translate security requirements into implementable controls, maintain **cybersecurity plans and reusable scripts per release**, and drive cross\-functional execution with Security, Infrastructure, suppliers, and support teams—emphasizing **automation\-first implementation**, **resilience (backup/restore)**, and strong **documentation/traceability**.
- Define and maintain secure OS baselines (Windows and Linux) and configuration standards; validate compliance and manage justified exceptions.
- Own OS lifecycle and patch readiness requirements, ensuring vendor support alignment and release documentation is accurate.
- Create, execute, and maintain cybersecurity plans and reusable scripts to support each new software/OS release.
- Investigate new security requirements and map them to platform components; implement changes and coordinate cross\-repo deliveries.
- Establish standards for endpoint integration with networking dependencies (segmentation, DNS/DHCP, firewall/switching/routing patterns).
- Experience with virtualization and/or containerization.
- Own remote operating enablement (e.g., KVM/hand panels), including secure access patterns and operational playbooks.
- Define and validate backup/restore and recovery workflows; ensure procedures are tested, documented, and supportable.
- Develop and maintain PowerShell automation, validation checks, and auditable reporting to reduce manual effort and improve consistency.
- Strong OS baseline/hardening experience, including evidence generation and exception governance (e.g., benchmark alignment).
- Advanced PowerShell automation (modular scripting, robust error handling, safe execution patterns).
- Strong Windows and Linux fundamentals for endpoint environments (configuration, troubleshooting, lifecycle awareness).
- Ability to produce and execute cybersecurity test plans/scripts and integrate them into release readiness workflows.
- Strong troubleshooting skills, ownership mindset, and effective cross\-functional communication.
- Experience with (implementing) Agile way of working is preferable.
- *Preferred Qualifications**
- 10–15 years of experience in endpoint/platform engineering, infrastructure security, OS deployment/hardening, or enterprise automation roles.
- BTech degree in Computer Science, Electronics, or a related technical field (or equivalent practical experience).
- Experience operating in regulated or security\-focused environments require auditability and traceability