Job summary
BostonGene is seeking a highly experienced and strategic Senior Security Architect to lead the design, implementation, and evolution of enterprise cybersecurity architecture across cloud platforms, research systems, biomedical applications, and corporate infrastructure within a rapidly growing biotechnology environment.
This role is responsible for establishing and maintaining secure architecture standards across software development, cloud infrastructure, data platforms, laboratory systems, enterprise applications, and operational technology environments. The Senior Security Architect will work closely with executive leadership, engineering, DevOps, infrastructure, compliance, legal, research, and product teams to ensure security is embedded into all technology initiatives while enabling innovation, scientific collaboration, and regulatory compliance.
The ideal candidate possesses deep expertise in cybersecurity architecture, cloud security, secure SDLC, DevSecOps, risk management, and enterprise-scale security governance, with the ability to communicate effectively across both technical and non-technical stakeholders.
Please note that the role requires relocation to Armenia (relocation support provided).
Responsibilities:
Enterprise Security Architecture
- Design and maintain enterprise-wide cybersecurity architecture strategies aligned with organizational objectives and industry best practices.
- Develop secure architecture standards for:Cloud platforms; Enterprise applications; APIs and microservices; Research and laboratory systems; Data analytics and AI/ML environments; Identity and access management (IAM), Conditional access policies, UAR, enforce least privilege; Infrastructure and network security.
- Lead architecture reviews for new technologies, platforms, and strategic initiatives.
- Define reference architectures and security patterns for scalable and resilient systems.
Cloud Security & DevSecOps
- Lead security architecture initiatives across: AWS; Microsoft Azure; Google Cloud Platform (GCP).
- Partner with engineering and DevOps teams to integrate security into CI/CD pipelines and Infrastructure as Code (IaC) workflows.
- Guide implementation of: Zero Trust principles; Container and Kubernetes security; Secrets management; Workload protection; Encryption and key management; Cloud-native monitoring and logging.
- Support secure migration and modernization initiatives.
Security Governance, Risk & Compliance
- Ensure architecture and security controls align with applicable frameworks and regulations, including: NIST Cybersecurity Framework (CSF), NIST SP 800-171, ISO 27001, SOC 2, HIPAA/HITECH, GDPR and international privacy regulations, OWASP ASVS,
- Participate in enterprise risk assessments and audit activities.
- Develop and maintain security standards, policies, technical baselines, and architectural documentation.
Biotech & Research Data Protection
- Support protection of Genomic data; Biomedical research platforms; Clinical and laboratory systems; Scientific intellectual property; Sensitive patient and operational data.
- Collaborate with research and scientific teams to balance security, compliance, and scientific innovation.
- Advise on secure handling of regulated and sensitive healthcare or research information.
Leadership & Collaboration
- Serve as a trusted advisor to executive leadership, engineering teams, and business stakeholders.
- Mentor security engineers and architects across the organization.
- Support strategic cybersecurity planning and long-term roadmap development.
- Lead cross-functional initiatives involving infrastructure, applications, cloud, compliance, and third-party vendors.
- Present technical and strategic security recommendations to leadership and governance committees.
Qualifications:
- Bachelor’s degree in Cybersecurity, Computer Science, Information Technology, Engineering, or related field, or equivalent professional experience.
- Significant professional and minimum 5 years of experience in Security Architecture; Cloud Security; Enterprise Cybersecurity; DevSecOps; Application Security; Infrastructure Security.
- Strong knowledge of and experience in: Zero Trust Architecture (SASE, endpoint protection), IAM and privileged access management (JumpCloud – Identity & Access Management platform), Single sign-on (SSO) and Multi-factor authentication (MFA), Network segmentation, Secure SDLC, Threat modeling, Security frameworks and regulatory standards.
- Experience designing and securing: Cloud-native applications, APIs and microservices, Containerized platforms, Enterprise infrastructure.
- Experience with enterprise security technologies and platforms.
- Fluent Russian and English proficiency at B1/B2 level or higher (written and spoken).
Preferred Qualifications
- Experience within biotechnology, healthcare, pharmaceutical, genomics, or life sciences industries.
- Experience protecting highly sensitive research and biomedical data.
- Familiarity with Kubernetes; Docker; Terraform; CI/CD pipelines; SIEM/SOAR platforms; SentinelOne / Endpoint Detection & Response (EDR/XDR).
- Relevant certifications such as: CISSP, CCSP, SABSA, TOGAF, CSSLP, AWS/Azure/GCP Security Certifications, GIAC certifications
We offer:
- Full-time position with a permanent contract and flexible working hours, with hybrid work options.
- Competitive salary and comprehensive healthcare insurance.
- Convenient office location in Yerevan (1-minute walk from the metro) with on-site snacks.
- Relocation package for candidates and their immediate family members, including full documentation and bureaucracy support (bank accounts, residence permits, school contacts, etc.).
- Corporate benefits, including English language lessons and gym membership.
- Dynamic and versatile professional environment with a diverse team of bioinformaticians, biologists, physicians, and software developers committed to improving oncological healthcare.
- Careful, structured, and responsible supervision to support professional growth.