Thermo Fisher Scientific Cybersecurity Researcher in Remote / Field, Alabama
Cybersecurity Researcher, Product Security
When you join us at Thermo Fisher Scientific, you’ll be part of a smart, driven team that shares your passion for exploration and discovery. With revenues of $22 billion and the largest investment in R&D in the industry, we give our people the resources and opportunities to make significant contributions to the world.
What will you do?
The Cybersecurity Researcher, Product Security has global responsibility for focusing the business (especially product teams) on security risks and mitigations associated with the company’s products (e.g., connected devices). He/she will own the overarching research, testing and validation of product platforms, education, and integration of solutions with the overarching CIS program, including policy, standards, security awareness & education, application and vulnerability assessments, technological security controls, and threat modeling. The solutioning activities must support relevant Thermo Fisher products (such as consumables, instruments, devices, equipment, and other electronic and/or connected devices, sometimes referred to as Internet of Things (IoT)).
Be the product security champion for the Corporate Information Security Product Security Program
Form and manage research partnerships and collaborations with competitors, customers (internal and external), and vendors to support or enhance the core concepts of secure-by-design functionality
Lead a small team of researchers and validation specialists to achieve goals aligned to the Product Security Program and the strategy of the greater IT and Corporate Information Security program
Determine research objectives, and develop research assignments to include testing and methodologies which support or enhance the concepts of secure-in-use functionality
Document, report, and present research findings to management and customers in an appropriate and prioritized risk-based methodology
Use of data models to drive secure development and integration of security features into all phases of product, firmware and software design and development
Coordinate, participate, and deliver context-based threat models of Thermo Fisher products, based on customer use-case scenarios and customer capabilities
Create testing approaches and perform testing activities on products to determine vulnerabilities, validate remediation, and reduce overall risk profiles
Specify and document product components and create Bills of Material for projects
Partner with architecture and development leaders to develop shared security frameworks to enable consistent application of secure coding best practices across the enterprise
Build solid working relationships with product development stakeholders to maintain and improve product and application security processes
Contribute to maturing process, policy, and standards guidance.
Educate key stakeholders on program, risks, and importance of security in our products
Work with business units to identify, capture, escalate, and close security vulnerabilities found in Thermo Fisher products and platforms; leverage tools to deliver vulnerability information back to the development organization for remediation
Mentor others in what constitutes secure product activities
Perform research activities on existing and in-development products to determine security capabilities and discover unknown risks
Proactively ensure that applicable regulatory mandates are addressed, either through existing frameworks or research of new methods
Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
Ensure excellent consistency, documentation, and process across all programs
Work closely with key product development leaders to ensure security and accurate information is incorporated into all customer-facing product offerings, marketing material, and support documentation (and manuals)
Support efforts to inject security into all levels of the product development process
Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution
Creation of product whitepapers throughout the product lifecycle
Creation of security bulletins to address new or changing threats to new and existing products
Travel up to 25% and on call/after-hours duties may be required
How will you get here?
Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience
8+ years of related work experience with product security, secure software development, risk assessment, or vulnerability management
Relevant technical certificates a plus
An understanding of research methods and approaches, and how to document research findings into actionable intelligence.
Deep knowledge of smart and connected IoT, device research methods, variables and parameters including analysis, testing and documentation.
Deep understanding of cryptography, authentication, authorization, network security protocols, and application security
Strong understanding of how to connect new and changing threats to IoT portfolio to create mitigating or compensating activities
Strong exposure to popular application security standards including OWASP Top 10, CSC 20, etc.
Knowledge, Skills, Abilities
Strong interpersonal and documentation skills are a must
Ability to explain and champion technical concepts
Strong attention to detail, organizational skills
Excellent customer service skills required
Strong analytical and product management skills required
Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts
The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP
At Thermo Fisher Scientific, each one of our 70,000 extraordinary minds has a unique story to tell. Join us and contribute to our singular mission—enabling our customers to make the world healthier, cleaner and safer.
If you are an individual with a disability who requires reasonable accommodation to complete any part of our application process, click here at https://jobs.thermofisher.com/page/show/eeo-affirmative-action-statement#accessibility for further assistance.
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.