Sr Manager, Penetration Testing & Research
at Thermo Fisher Scientific
Morrisville, NC 27560, USA
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 08 Feb, 2025 | Not Specified | 09 Nov, 2024 | N/A | Vulnerability, Information Systems, Power Integrity, Computer Science, Application Security, Authorization, Security Protocols, Authentication, Risk Assessment, Testing, Information Security, GIAC, Software Development, Organization Skills, Medical Devices | No | No |
Description:
JOB DESCRIPTION
At Thermo Fisher Scientific, you’ll join a curious team that shares your passion for exploration and discovery. We invest heavily in R&D and offer ample resources for you to make meaningful contributions to the world!
POSITION SUMMARY:
The Sr. Manager, Penetration Testing, is responsible for helping to secure the organization’s products and assets globally. They will conduct research, testing, and validation of the products and platforms, as well as our internal environments throughout their development lifecycles. This role involves using robust solutions within the CIS program, focusing on testing, security awareness, education, vulnerability assessments, and risk evaluation. Continuous improvement is driven through our practical process improvement (PPI) methodology and will be instrumental in helping find a better way, every day.
MINIMUM REQUIREMENTS/QUALIFICATIONS:
- Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
- Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
- Strong exposure to application security standards including OWASP TOP 10, CSC 20, etc.
- Familiarity with regulations and requirements surrounding medical devices and IoT such as FDA pre-market and post-market cybersecurity requirements.
- Bachelor’s Degree or equivalent experience in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree or equivalent experience a plus) or a related field.
- Relevant technical certificates a plus (OSCP, SANS, GIAC, etc.).
- 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
- Strong interpersonal and documentation skills are a must.
- Ability to explain and promote technical concepts.
- Strong attention to detail and organization skills.
- Excellent verbal and written communication skills and the ability to partner with a diverse group of executives, managers, and subject matter authorities.
- The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.
Responsibilities:
- Perform penetration testing activities on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
- Develop comprehensive mentorship for frequently encountered vulnerabilities and corresponding remediation strategies.
- Build and improve existing methodologies for penetration testing, drawing from industry standards and mentorship provided by established agencies like CISA and the FDA.
- Coordinate on security risk assessments for new and existing products through the pre- and post-market teams.
- Build working partnerships with product development leaders and peers to drive secure development and integration of security features into all phases of product, firmware, software design processes and product development lifecycle.
- Collaborate with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
- Educate key partners on program, risks, and importance of security in our products and environment.
- Work with cross-functional teams to find and fix security issues in Thermo Fisher products and infrastructure. Use tools to send vulnerability information to the development team for fixing.
- Mentor others in what constitutes secure product activities.
- Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
- Ensure excellent consistency, documentation, and process across all programs.
- Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
- Creation of security bulletins to address new or evolving threats to the company’s assets and products.
- Travel up to 25% and on-call/after hours duties may be required.
REQUIREMENT SUMMARY
Min: N/A, Max: 5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Trade Certificate