Penetration Tester
Pharmaceutical Product Development (PPD)
Shanghai, Shanghai, China
Job Description
Position Summary:
The Sr Product Security Researcher, Product Security has global responsibility for the security associated with the company’s Product Security program. They will perform research, testing and validation of a product and its associated platforms, and guide integration of solutions within the overarching CIS program. This includes policy, security awareness & education, application and vulnerability assessments, technological security controls and risk evaluation. The solutioning activities must support relevant Thermo Fisher products (such as instruments, devices, equipment, and other electronic and/or connected devices) and infrastructure.
Key Responsibilities:
- Work closely with key product development leaders to ensure security is incorporated in all product offerings.
- Support efforts to inject security into all levels of the product development process.
- Drive secure development and integration of security features into all phases of product, firmware and software design and development.
- Lead programs to ensure continuous development and improvement of security integration into the product development lifecycle.
- Partner with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
- Build working relationships with product development partners to maintain and improve product and application security processes.
- Assist in maturing process, policy, and standards guidance.
- Educate key partners on program, risks, and importance of security in our products and environment.
- Work with business units to identify, collect, call out, and close security vulnerabilities found in Thermo Fisher products and infrastructure; leverage tools to deliver vulnerability information back to the development organization for remediation.
- Mentor others in what constitutes secure product activities.
- Perform research activities on existing and in development products and/or infrastructure to resolve security capabilities and discover unknown risks.
- Build testing approaches and perform testing activities on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
- Proactively ensure that applicable regulatory mandates are addressed with appropriate controls.
- Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
- Ensure excellent consistency, documentation, and process across all programs.
- Coordinate with security risk assessments for new and existing products through the risk assessment team.
- Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
- Creation of product whitepapers throughout the product lifecycle.
- Creation of security bulletins to address new or evolving threats to products and infrastructure.
- Travel up to 25% and on-call/after hours duties may be required.
Minimum Requirements/Qualifications:
- Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
- Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
- Strong understanding of how to connect new and changing threats to IoT portfolio to build mitigating or compensating activities.
- Strong exposure to popular application security standards including OWASP Top 10, CSC 20, etc.
- Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience.
- Relevant technical certificates a plus (OSCP, SANS, GIAC, etc).
- 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
- Strong interpersonal and documentation skills are a must.
- Ability to explain and promote technical concepts.
- Strong attention to detail and organizational skills.
- Strong customer service skills required.
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
- The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.
Job posted: 2024-05-20