Penetration Tester

Pharmaceutical Product Development (PPD)

Shanghai, Shanghai, China

Job Description

Position Summary:

The Sr Product Security Researcher, Product Security has global responsibility for the security associated with the company’s Product Security program. They will perform research, testing and validation of a product and its associated platforms, and guide integration of solutions within the overarching CIS program. This includes policy, security awareness & education, application and vulnerability assessments, technological security controls and risk evaluation. The solutioning activities must support relevant Thermo Fisher products (such as instruments, devices, equipment, and other electronic and/or connected devices) and infrastructure.

Key Responsibilities:
  • Work closely with key product development leaders to ensure security is incorporated in all product offerings.
  • Support efforts to inject security into all levels of the product development process.
  • Drive secure development and integration of security features into all phases of product, firmware and software design and development.
  • Lead programs to ensure continuous development and improvement of security integration into the product development lifecycle.
  • Partner with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
  • Build working relationships with product development partners to maintain and improve product and application security processes.
  • Assist in maturing process, policy, and standards guidance.
  • Educate key partners on program, risks, and importance of security in our products and environment.
  • Work with business units to identify, collect, call out, and close security vulnerabilities found in Thermo Fisher products and infrastructure; leverage tools to deliver vulnerability information back to the development organization for remediation.
  • Mentor others in what constitutes secure product activities.
  • Perform research activities on existing and in-development products and/or infrastructure to resolve security capabilities and discover unknown risks.
  • Build testing approaches and perform testing activities on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
  • Proactively ensure that applicable regulatory mandates are addressed with appropriate controls.
  • Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
  • Ensure excellent consistency, documentation, and process across all programs.
  • Coordinate with security risk assessments for new and existing products through the risk assessment team.
  • Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Creation of product whitepapers throughout the product lifecycle.
  • Creation of security bulletins to address new or evolving threats to products and infrastructure.
  • Travel up to 25% and on-call/after hours duties may be required.

Minimum Requirements/Qualifications:
  • Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
  • Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
  • Strong understanding of how to connect new and changing threats to IoT portfolio to build mitigating or compensating activities.
  • Strong exposure to popular application security standards including OWASP TOP 10, CSC 20, etc.
  • Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience.
  • Relevant technical certificates a plus (OSCP, SANS, GIAC, etc.).
  • 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
  • Strong interpersonal and documentation skills are a must.
  • Ability to explain and promote technical concepts.
  • Strong attention to detail and organizational skills.
  • Strong customer service skills required.
  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts.
  • The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.

Job posted: 2024-05-20
