Shire Jobs

Job Information

ThermoFisher Scientific Sr IT Security Engineer in Shanghai, China

Work Schedule

Standard (Mon-Fri)

Environmental Conditions

Office

Job Description

The Sr. Product Security Researcher has global responsibility for ensuring the security of the organization's products and assets by performing research, penetration testing and remediation validation of the product and its associated platforms. They will guide integration of robust solutions within the overarching CIS program. This includes policy, security awareness & education, application and vulnerability assessments, technological security controls and risk evaluation. The solutioning activities must support relevant Thermo Fisher products (such as instruments, devices, equipment, other electronic and/or connected devices) and infrastructure.

Key Responsibilities:

Perform penetration testing activities on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.

Build detailed guidance for commonly encountered vulnerabilities and relevant remediation steps.

Create and enhance current methodologies for penetration testing that build on industry standards and guidance from established agencies such as CISA and the FDA.

Coordinate on security risk assessments for new and existing products through the pre- and post-market teams.

Build working partnerships with product development leaders and peers to drive secure development and integration of security features into all phases of product, firmware, and software design processes and the product development lifecycle.

Collaborate with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.

Educate key partners on the program, risks, and the importance of security in our products and environment.

Work with business units to identify, collect, call out, and close security vulnerabilities found in Thermo Fisher products and infrastructure; leverage tools to deliver vulnerability information back to the development organization for remediation.

Mentor others in what constitutes secure product activities.

Coordinate/participate in and perform design reviews, peer reviews, and code reviews.

Ensure excellent consistency, documentation, and process across all programs.

Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.

Create security bulletins to address new or evolving threats to the company's assets and products.

Travel up to 25% and on-call/after-hours duties may be required.

Minimum Requirements/Qualifications:

Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.

Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.

Strong exposure to application security standards including OWASP Top 10, CSC 20, etc.

Familiarity with regulations and requirements surrounding medical devices and IoT such as FDA pre-market and post-market cybersecurity requirements.

Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience.

Relevant technical certificates a plus (OSCP, SANS, GIAC, etc.).

5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.

Strong interpersonal and documentation skills are a must.

Ability to explain and promote technical concepts.

Strong attention to detail and organization skills.

Excellent verbal and written communication skills and the ability to partner with a diverse group of executives, managers, and subject matter authorities.

The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.
