Nanobiosym in Cambridge, Massachusetts is seeking an onsite Senior IT and Cybersecurity Architect to design, build, and upgrade end-to-end IT infrastructure. The role encompasses secure networks, virtualization, cloud security, and endpoint management, with close collaboration to align technology with strategic business goals.
Job Summary
Nanobiosym is an award-winning company at the forefront of nanotechnology, physics, and biomedicine. Based in Cambridge, MA and founded by an MIT/Harvard alumnus, we develop next-generation healthcare tech solutions. The Senior IT & Cybersecurity Architect will build out and upgrade end-to-end IT infrastructure, ranging from secure networks and virtualized environments to cloud security and endpoint management. This is an on-site, hands-on role requiring the ability to design, implement, and proactively manage a highly secure, high-performance IT environment while working with executive leadership to translate technology into business outcomes.
Responsibilities
- Design, implement, and manage secure, scalable networks including LAN/WAN, VLANs, VPNs, and SD-WAN with robust segmentation.
- Deploy and maintain virtualization platforms (VMware, Citrix) and container ecosystems (Docker, Kubernetes).
- Architect and administer Zero Trust frameworks and secure endpoint access using thin or zero client approaches.
- Configure and oversee firewalls, access controls, and monitoring to ensure continuous security and availability.
- Lead user and VM provisioning, device management, and endpoint protection across Windows and Linux.
- Implement and manage AWS cloud security, including IAM, VPCs, S3, and centralized logging.
- Perform regular risk assessments, propose security improvements, and lead incident response when required.
- Develop documentation such as network diagrams, SOPs, and access policies; ensure compliance with standards like NIST and ISO 27001.
- Collaborate with leadership to define IT and security roadmaps, prioritize initiatives, and communicate risks and tradeoffs.
- Evaluate and onboard vendors, tools, and services aligned with infrastructure needs.
Requirements
- PhD or Master’s degree in Computer Science, Information Security, Engineering, or a related field.
- Seven or more years of hands-on experience in IT infrastructure, cybersecurity architecture, and systems engineering.
- Proven experience designing and managing virtualization environments (VMware, Citrix) and containerized systems (Docker, Kubernetes).
- Solid understanding of networking (TCP/IP, DNS, DHCP) with practical experience configuring firewalls, VLANs, VPNs, and SD-WAN.
- Hands-on expertise in implementing Zero Trust architecture, zero/thin client infrastructure, and securing air-gapped or segmented environments.
- Deep experience with user provisioning, identity and access management (IAM), and endpoint control across Windows and Linux.
- Proficiency in securing and operating AWS environments, including VPC design, IAM roles, encryption, and monitoring (CloudWatch, GuardDuty).
- Familiarity with infrastructure automation tools such as PowerShell, Bash, Terraform, or Ansible.
- Experience with SIEM platforms, EDR tools, and log aggregation for detection and response (e.g., Splunk, Logz.io, SentinelOne).
- Strong knowledge of cybersecurity frameworks and standards such as NIST CSF, ISO 27001, HIPAA, and familiarity with FDA-related frameworks (IEC 62304).
- Ability to work autonomously in a high-trust environment, define best practices, and build systems from the ground up.
- Excellent documentation and communication skills, with the ability to present technical decisions and risk tradeoffs to senior leadership.
- DoD compliance and security clearance are preferred.
Technologies
- VMware
- Citrix
- Docker
- Kubernetes
- AWS
- S3
- CloudWatch
- GuardDuty
- Splunk
- Logz.io
- SentinelOne
- PowerShell
- Bash
- Terraform
- Ansible
- Python
- VPN
- SD-WAN
- VPC
- Firewall
- Windows
- Linux
- IAM
Location
Cambridge, Massachusetts, United States (onsite)
Compensation
USD 110,000 per year
