Thermo Fisher Scientific Cybersecurity Researcher in Remote / Field, Alabama

Job Description

Cybersecurity Researcher, Product Security

When you join us at Thermo Fisher Scientific, you’ll be part of a smart, driven team that shares your passion for exploration and discovery. With revenues of $22 billion and the largest investment in R&D in the industry, we give our people the resources and opportunities to make significant contributions to the world.

What will you do?

The Cybersecurity Researcher, Product Security has global responsibility for focusing the business (especially product teams) on security risks and mitigations associated with the company’s products (e.g., connected devices). He/she will own the overarching research, testing, and validation of product platforms, as well as education and the integration of solutions with the overarching CIS program, including policy, standards, security awareness & education, application and vulnerability assessments, technological security controls, and threat modeling. The solutioning activities must support relevant Thermo Fisher products (such as consumables, instruments, devices, equipment, and other electronic and/or connected devices, sometimes referred to as Internet of Things (IoT)).

Key Responsibilities:

  • Be the product security champion for the Corporate Information Security Product Security Program

  • Form and manage research partnerships and collaborations with competitors, customers (internal and external), and vendors to support or enhance the core concepts of secure-by-design functionality

  • Lead a small team of researchers and validation specialists to achieve goals aligned to the Product Security Program and the strategy of the greater IT and Corporate Information Security program

  • Determine research objectives, and develop research assignments to include testing and methodologies which support or enhance the concepts of secure-in-use functionality

  • Document, report, and present research findings to management and customers in an appropriate and prioritized risk-based methodology

  • Use data models to drive secure development and integration of security features into all phases of product, firmware and software design and development

  • Coordinate, participate in, and deliver context-based threat models of Thermo Fisher products, based on customer use-case scenarios and customer capabilities

  • Create testing approaches and perform testing activities on products to determine vulnerabilities, validate remediation, and reduce overall risk profiles

  • Specify and document product components and create Bills of Material for projects

  • Partner with architecture and development leaders to develop shared security frameworks to enable consistent application of secure coding best practices across the enterprise

  • Build solid working relationships with product development stakeholders to maintain and improve product and application security processes

  • Contribute to maturing process, policy, and standards guidance.

  • Educate key stakeholders on the program, risks, and the importance of security in our products

  • Work with business units to identify, capture, escalate, and close security vulnerabilities found in Thermo Fisher products and platforms; leverage tools to deliver vulnerability information back to the development organization for remediation

  • Mentor others in what constitutes secure product activities

  • Perform research activities on existing and in-development products to determine security capabilities and discover unknown risks

  • Proactively ensure that applicable regulatory mandates are addressed, either through existing frameworks or research of new methods

  • Coordinate/participate in and perform design reviews, peer reviews, and code reviews.

  • Ensure excellent consistency, documentation, and process across all programs

  • Work closely with key product development leaders to ensure that security and accurate information are incorporated into all customer-facing product offerings, marketing material, and support documentation (and manuals)

  • Support efforts to inject security into all levels of the product development process

  • Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution

  • Create product whitepapers throughout the product lifecycle

  • Create security bulletins to address new or changing threats to new and existing products

  • Travel up to 25% and on call/after-hours duties may be required

How will you get here?

Education

Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience

Experience

  • 8+ years of related work experience with product security, secure software development, risk assessment, or vulnerability management

  • Relevant technical certificates a plus

  • An understanding of research methods and approaches, and how to document research findings into actionable intelligence.

  • Deep knowledge of smart and connected IoT, device research methods, variables and parameters including analysis, testing and documentation.

  • Deep understanding of cryptography, authentication, authorization, network security protocols, and application security

  • Strong understanding of how to connect new and changing threats to the IoT portfolio to create mitigating or compensating activities

  • Strong exposure to popular application security standards including OWASP Top 10, CSC 20, etc.

Knowledge, Skills, Abilities

  • Strong interpersonal and documentation skills are a must

  • Ability to explain and champion technical concepts

  • Strong attention to detail and organizational skills

  • Excellent customer service skills required

  • Strong analytical and product management skills required

  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts

  • The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP

At Thermo Fisher Scientific, each one of our 70,000 extraordinary minds has a unique story to tell. Join us and contribute to our singular mission—enabling our customers to make the world healthier, cleaner and safer.

If you are an individual with a disability who requires reasonable accommodation to complete any part of our application process, visit https://jobs.thermofisher.com/page/show/eeo-affirmative-action-statement#accessibility for further assistance.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.