What You Will Be A Part Of:
The Product Security Researcher/Tester has global responsibility for the security associated with the company’s Product Security program. He/she will own the overarching research, testing and validation of a product platforms, education, and integration of solutions with the overarching CIS program, including policy, security awareness & education, application and vulnerability assessments, technological security controls, and threat modeling. The solutioning activities must support relevant Thermo Fisher products (such as consumables, instruments, devices, equipment, and other electronic and/or connected devices, sometimes referred to as Internet of Things (IoT)).
What You Will Do:
- Work closely with key product development leaders to ensure security is incorporated in all customer-facing product offerings.
- Support efforts to inject security into all levels of the product development process.
- Work directly with product development stakeholders to maintain and improve product and application security processes.
- Contribute to maturing process, policy, and standards guidance.
- Work with business units to identify, capture, escalate, and close security vulnerabilities found in Thermo Fisher products and platforms; Leverage tools to deliver vulnerability information back to the development organization for remediation.
- Coordinate, participate, in threat modeling for products.
- Perform testing activities on products to determine vulnerabilities, validate remediation, and reduce overall risk profiles, and document results.
- Document components and create Bills of Material for projects.
- Proactively ensure that applicable regulatory mandates are addressed with mitigating or compensating controls.
- Participate in design reviews, peer reviews, and code reviews.
- Ensure excellent consistency, documentation, and process across all programs.
- Coordinate with security risk assessments for new and existing products through the risk assessment team.
- Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
- Contribute to creation of product whitepapers throughout the product lifecycle.
- Creation of security bulletins to address new or changing threats to new and existing products.
- Support Sr Engineers and Architects in performing platform and framework activities that support secure methods and processes.
- Map regulatory compliance mandates to secure configurations and processes.
How You Will Get Here:
- Strong knowledge of smart and connected IoT, device research methods, variables and parameters including analysis, testing and documentation.
- Strong understanding of cryptography, authentication, authorization, network security protocols, and application security
- Strong understanding of how to connect new and changing threats to IoT portfolio to create mitigating or compensating activties
- Exposure to popular application security standards including OWASP TOP 10, CSC 20 etc.
- Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science or equivalent field experience
- Relevant technical certificates a plus
- 3 years of related work experience with penetration testing, product security, secure software development, risk assessment, or vulnerability management
- Strong interpersonal and documentation skills are a must
- Ability to explain and champion technical concepts
- Strong attention to detail, organizational skills
- Excellent customer service skills required
- Strong analytical and product management skills required
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts
- The ideal candidate will have hands on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP
If you are an individual with a disability who requires reasonable accommodation to complete any part of our application process, click here for further assistance.
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.