Work Schedule

First Shift (Days)

Environmental Conditions

Office

Job Description

About the Role

This position is with Thermo Fisher Scientific, an inclusive employer and a member of myGwork -- the largest global platform for the LGBTQ+ business community.

At Thermo Fisher Scientific, you'll lead groundbreaking changes in our certificate management and credential hardening approaches worldwide, impacting over 100,000 colleagues.

Position Overview

In the role of Credential Hardening & Certificate Management Engineer, you will act as the primary SME and program leader for enterprise-wide secrets hardening and certificate lifecycle management initiatives. Operating with significant independence, you will function as an internal transformation consultant, identifying strategic points to enforce standard processes and promote cultural change around credential security. This position complements PAM initiatives and requires the capability to engineer tool-agnostic solutions in a dynamic technology landscape.

Key Responsibilities

Strategic Program Leadership

Lead credential hardening transformation initiatives across the organization, identifying and eliminating legacy practices that compromise security postureDrive initiatives with the enterprise certificate lifecycle management program, establishing strategy, roadmaps, and success metrics aligned with quantum computing threats and industry trendsAct as the main subject matter expert for standard methodologies in managing secrets, automating certificate lifecycles, and securing credentials.Develop strategic leverage points to drive organizational change and overcome resistance to security improvementsEngineer tool-agnostic flows that can adapt to changing technology landscapes and vendor transitions

Transformation & Program Management

Function as an internal turnaround consultant for credential security practices, identifying systemic issues and crafting comprehensive remediation strategiesChallenge existing paradigms and "that's the way we do things" mentalities through data-driven analysis and strategic influenceDevelop and implement strategies to increase adoption of standard methodologies across various business unitsComplete and deliver credential hardening and certificate management investmentsDesign and implement cultural transformation initiatives that embed security-first thinking into operational processes

Engineering & Automation

Implement automated certificate rotation systems to address shrinking certificate lifecycles driven by quantum computing threats, including migration to quantum-resistant algorithmsEngineer scalable certificate management efforts that integrate with existing infrastructure while maintaining vendor agnostic flexibility and with preference on agility for post-quantum transitionsDevelop comprehensive secrets management frameworks that enforce least privilege, rotation, and audit requirements to strengthen credential workflowsDevelop advanced monitoring and alerting systems for certificate expiration, rotation failures, compliance deviations, and quantum readiness assessmentsDesign integration strategies between certificate management, PAM initiatives, and broader security infrastructure with quantum threat in mind

Cross-Functional Leadership & Influence

Lead cross-functional efforts in implementing credential and certificate security improvements by seeing the work and helping the organization achieve clarity on where it is to headRepresent certificate management initiatives in enterprise engineering, security governance, and compliance committeesCollaborate with PAM teams to ensure complementary and multi-layered security strategiesFoster agreement among collaborators with competing priorities and establish unified approaches to credential securityMentor and train technical teams on credential management standard methodologies and emerging threats

Secrets Threat Mitigation & Risk Management

Develop and implement quantum readiness assessments for existing certificate and credential infrastructure, identifying vulnerable cryptographic implementationsDevelop transition plans for post-quantum cryptography with migration strategies based on timing and risk prioritizationImplement and drive understanding of frameworks that enable rapid algorithm transitions as quantum threats evolve and new standards emergeDevelop quantum threat intelligence notifications that monitor advances in quantum computing and adjust security postures proactivelyEstablish understanding of hybrid classical-quantum cryptographic systems during transition periods to maintain security while preparing for post-quantum era

Process Innovation & Optimization

Identify and eliminate inefficiencies in current secrets and certificate management processes through root cause analysis and quantum threat impact assessmentDevelop metrics to measure program success, improvements in security posture, organizational maturity, and readiness levels for quantum technologyDesign automated compliance reporting and audit preparation processes that include credential hardening compliance requirementsDevelop repeatable methodologies for certificate lifecycle management that incorporate quantum-safe practices and can scale across global operationsEstablish governance frameworks for certificate and credential policy enforcement with quantum threat considerations coordinated

Technology Platform Management

Maintain deep expertise in common enterprise tooling while preparing for potential platform transitionsEvaluate and recommend new secrets management platforms based on strategic requirementsDesign migration strategies that prioritize urgency of need, so our security posture does not become laxDevelop vendor-agnostic and dual implementation approaches that protect against technology and vendor lock-inEnhance integration methodologies to improve existing infrastructure investments

Required Qualifications

Education & Certifications

Bachelor's degree in Cybersecurity, Computer Science, Systems Engineering, or related field (equivalent experience accepted)Advanced certifications required: CISSP, CISM, or CCSP with focus on identity and access management or equivalentCredential management or consulting certifications strongly preferred (e.g. CyberArk Guardian, etc.)Certificate management training preferred: Feisty Duck Practical TLS and PKI or similar

Experience

8+ years of enterprise security experience with focus on identity, access management, or certificate/PKI systems5+ years of program or project leadership experience driving organizational transformation3+ years of hands-on experience with certificate management platforms, PKI infrastructure, and secrets managementDemonstrated experience as a change agent or transformation consultant in security domainsProven track record of challenging status quo and driving process improvements in large organizations

Technical Skills

Expert proficiency in secrets management, credential hardening, privileged access principles, and quantum-safe credential protection mechanismsAdvanced knowledge of PKI, certificate lifecycles, automated rotation technologies, and post-quantum cryptography standards (NIST PQC, hybrid certificates)Strong experience with secrets/certificates management platforms, including quantum readiness assessment capabilitiesDemonstrated ability to engineer tool-agnostic solutions, manage technology transitions, and implement crypto agile frameworksExperience with SaaS secrets and certificate management, DevOps integration, infrastructure automation, and quantum-safe practicesAdvanced knowledge of quantum computing impacts on cryptography, secrets and certificate management strategies, and post-quantum transition planning

Leadership & Consulting Skills

Outstanding influence and persuasion abilities with track record of inspiring change without direct authorityCritical thinking and problem-solving skills to identify key points for organizational transformationStrong consulting and advisory skills with experience challenging existing practices and driving improvementsExcellent communication abilities with capability to present complex technical concepts to executive audiencesProven mentorship and training capabilities with track record of developing technical teamsCultural change leadership with experience overcoming organizational resistance to security improvements

Specialized Proficiencies

Comprehensive understanding of secrets management and specific mitigation strategies for enterprise environmentsExperience with regulatory compliance requirements (SOX, PCI DSS, HIPAA) related to certificate and credential management, including emerging quantum-safe compliance standardsExpertise in threat modeling and risk assessment methodologies for credential security with quantum threat scenarios and impact analysisProficiency with DevSecOps practices, automated security integration, and quantum-safe CI/CD pipeline securityDeep understanding of zero trust architecture principles, implementation strategies, and quantum-resilient zero trust frameworksKnowledge of post-quantum cryptography algorithms (lattice-based, hash-based, multivariate, isogeny-based) and their practical implementation challenges

What We Offer

Join our world-class organization and lead groundbreaking change in enterprise security. Drive meaningful impact across our global operations while developing brand new solutions for tomorrow's security challenges. We offer competitive compensation, comprehensive benefits, executive development opportunities, and the chance to craft the future of certificate and credential security. Apply today at: http://jobs.thermofisher.com

Thermo Fisher Scientific Inc. is an equal opportunity employer offering reasonable accommodations for applicants with disabilities. We value diversity and inclusion in our workforce. #StartYourStory with us.

Compensation and Benefits

The salary range estimated for this position based in Maryland is $113,500.00–$170,200.00.

This position may also be eligible to receive a variable annual bonus based on company, team, and/or individual performance results in accordance with company policy. We offer a comprehensive Total Rewards package that our U.S. colleagues and their families can count on, which includes:

A choice of national medical and dental plans, and a national vision plan, including health incentive programs

Employee assistance and family support programs, including commuter benefits and tuition reimbursement

At least 120 hours paid time off (PTO), 10 paid holidays annually, paid parental leave (3 weeks for bonding and 8 weeks for caregiver leave), accident and life insurance, and short- and long-term disability in accordance with company policy

Retirement and savings programs, such as our competitive 401(k) U.S. retirement savings plan

Employees’ Stock Purchase Plan (ESPP) offers eligible colleagues the opportunity to purchase company stock at a discount

For more information on our benefits, please visit: https://jobs.thermofisher.com/global/en/total-rewards