Sr Product Security Researcher
at Thermo Fisher Scientific
Frederick, Maryland, USA
Start Date | Expiry Date | Salary | Posted On | Experience | Skills | Telecommute | Sponsor Visa |
---|---|---|---|---|---|---|---|
Immediate | 27 Jun, 2024 | Not Specified | 27 Mar, 2024 | N/A | Security Protocols, Product Security, Computer Science, RF Systems, Testing, Application Security, Power Integrity, Documentation, Software Development, Security Consulting, Authentication, Authorization, Communication Skills, GIAC, Cryptography, Risk Assessment | No | No |
Description:
The Sr Product Security Researcher, Product Security has global responsibility for the security associated with the company’s Product Security program. They will perform research, testing and validation of a product and its associated platforms, and guide integration of solutions within the overarching CIS program. This includes policy, security awareness & education, application and vulnerability assessments, technological security controls and risk evaluation. The solutioning activities must support relevant Thermo Fisher products (such as instruments, devices, equipment, and other electronic and/or connected devices) and infrastructure.
MINIMUM REQUIREMENTS/QUALIFICATIONS:
- Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
- Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
- Solid understanding of how to connect new and changing threats to IoT portfolio to build mitigating or compensating activities.
- Strong exposure to popular application security standards including OWASP Top 10, CSC 20, etc.
- Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience.
- Relevant technical certificates a plus (OSCP, SANS, GIAC, etc.).
- 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
- Solid interpersonal and documentation skills are a must.
- Ability to explain and promote technical concepts.
- Solid attention to detail and organizational skills.
- Strong customer service skills required.
- Excellent verbal and written communication skills and the ability to communicate professionally with a diverse group, executives, managers, and domain experts.
- The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.
Responsibilities:
- Work closely with key product development leaders to ensure security is incorporated in all product offerings.
- Support efforts to inject security into all levels of the product development process.
- Drive secure development and integration of security features into all phases of product, firmware and software design and development.
- Lead programs to ensure continuous development and improvement of security integration into the product development lifecycle.
- Partner with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
- Build working relationships with product development partners to maintain and improve product and application security processes.
- Assist in maturing process, policy, and standards guidance.
- Educate key partners on program, risks, and importance of security in our products and environment.
- Work with business units to identify, collect, call out, and close security vulnerabilities found in Thermo Fisher products and infrastructure; leverage tools to deliver vulnerability information back to the development organization for remediation.
- Mentor others in what constitutes secure product activities.
- Perform research activities on existing and in development products and/or infrastructure to resolve security capabilities and discover unknown risks.
- Build testing approaches and perform testing activities on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
- Proactively ensure that applicable regulatory mandates are addressed with appropriate controls.
- Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
- Ensure excellent consistency, documentation, and process across all programs.
- Coordinate with security risk assessments for new and existing products through the risk assessment team.
- Collaborate with other groups (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
- Creation of product whitepapers throughout the product lifecycle.
- Creation of security bulletins to address new or evolving threats to products and infrastructure.
- Travel up to 25% and on-call/after hours duties may be required.
REQUIREMENT SUMMARY
Min: N/A, Max: 5.0 year(s)
Information Technology/IT
IT Software - Network Administration / Security
Software Engineering
Trade Certificate