Sr Product Security Researcher

at Thermo Fisher Scientific

Frederick, Maryland, USA

Start Date: Immediate
Expiry Date: 27 Jun, 2024
Salary: Not Specified
Posted On: 27 Mar, 2024
Experience: N/A
Skills: Security Protocols, Product Security, Computer Science, RF Systems, Testing, Application Security, Power Integrity, Documentation, Software Development, Security Consulting, Authentication, Authorization, Communication Skills, GIAC, Cryptography, Risk Assessment
Telecommute: No
Sponsor Visa: No

Description:

The Sr Product Security Researcher, Product Security has global responsibility for the security associated with the company’s Product Security program. They will perform research, testing and validation of a product and its associated platforms, and guide integration of solutions within the overarching CIS program. This includes policy, security awareness & education, application and vulnerability assessments, technological security controls and risk evaluation. The solutioning activities must support relevant Thermo Fisher products (such as instruments, devices, equipment, and other electronic and/or connected devices) and infrastructure.

MINIMUM REQUIREMENTS/QUALIFICATIONS:

  • Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
  • Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
  • Solid understanding of how to connect new and changing threats to IoT portfolio to build mitigating or compensating activities.
  • Strong exposure to popular application security standards including OWASP TOP 10, CSC 20, etc.
  • Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience.
  • Relevant technical certificates a plus (OSCP, SANS, GIAC, etc.).
  • 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
  • Solid interpersonal and documentation skills are a must.
  • Ability to explain and promote technical concepts.
  • Solid attention to detail and organizational skills.
  • Strong customer service skills required.
  • Excellent verbal and written communication skills and the ability to communicate professionally with a diverse group, executives, managers, and domain experts.
  • The ideal candidate will have hands-on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.

Responsibilities:

  • Work closely with key product development leaders to ensure security is incorporated in all product offerings.
  • Support efforts to inject security into all levels of the product development process.
  • Drive secure development and integration of security features into all phases of product, firmware and software design and development.
  • Lead programs to ensure continuous development and improvement of security integration into the product development lifecycle.
  • Partner with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
  • Build working relationships with product development partners to maintain and improve product and application security processes.
  • Assist in maturing process, policy, and standards guidance.
  • Educate key partners on program, risks, and importance of security in our products and environment.
  • Work with business units to identify, collect, call out, and close security vulnerabilities found in Thermo Fisher products and infrastructure; leverage tools to deliver vulnerability information back to the development organization for remediation.
  • Mentor others in what constitutes secure product activities.
  • Perform research activities on existing and in-development products and/or infrastructure to resolve security capabilities and discover unknown risks.
  • Build testing approaches and perform testing activities on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
  • Proactively ensure that applicable regulatory mandates are addressed with appropriate controls.
  • Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
  • Ensure excellent consistency, documentation, and process across all programs.
  • Coordinate with security risk assessments for new and existing products through the risk assessment team.
  • Collaborate with other groups (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Creation of product whitepapers throughout the product lifecycle.
  • Creation of security bulletins to address new or evolving threats to products and infrastructure.
  • Travel up to 25% and on-call/after hours duties may be required.


REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Trade Certificate

Relevant technical certificates a plus (OSCP, SANS, GIAC, etc.).

Proficient

1

Frederick, MD, USA