Sr Manager, Penetration Testing & Research
Thermo Fisher Scientific

Frederick, Maryland

Posted in Science and Research


Job Info


Work Schedule
Standard (Mon-Fri)

Environmental Conditions
Office

Job Description

At Thermo Fisher Scientific, you'll join a curious team that shares your passion for exploration and discovery. We invest heavily in R&D and offer ample resources for you to make meaningful contributions to the world!

Location/Division Specific Information:

This position reports into the Senior Director, Product Security within Corporate Infrastructure & Security (CIS) and is based in Frederick, Maryland or Raleigh, North Carolina.

How will you make an impact?

Lead a distributed team focused on identifying and improving the security of our various products and internal systems. Make a meaningful difference for our customers, patients, and partners who rely on Thermo Fisher products. Join our team and make an impact!

Position Summary:

The Sr. Manager, Penetration Testing, is responsible for helping to secure the organization's products and assets globally. They will conduct research, testing, and validation of the products and platforms, as well as our internal environments throughout their development lifecycles. This role involves using robust solutions within the CIS program, focusing on testing, security awareness, education, vulnerability assessments, and risk evaluation. Continuous improvement is driven through our practical process improvement (PPI) methodology and will be instrumental in helping find a better way, every day.

Key Responsibilities:

  • Perform penetration testing activities and on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
  • Develop comprehensive mentorship for frequently encountered vulnerabilities and corresponding remediation strategies.
  • Build and improve existing methodologies for penetration testing, drawing from industry standards and mentorship provided by established agencies like CISA and the FDA.
  • Coordinate on security risk assessments for new and existing products through the pre- and post-market teams.
  • Build working partnerships with product development leaders and peers to drive secure development and integration of security features into all phases of product, firmware, software design processes and product development lifecycle.
  • Collaborate with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
  • Educate key partners on program, risks, and importance of security in our products and environment.
  • Work with cross-functional teams to find and fix security issues in Thermo Fisher products and infrastructure. Use tools to send vulnerability information to the development team for fixing.
  • Mentor others in what constitutes secure product activities.
  • Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
  • Ensure excellent consistency, documentation, and process across all programs.
  • Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Creation of security bulletins to address new or evolving threats to the company's assets and products.
  • Travel up to 25% and on-call/after hours duties may be required.
Minimum Requirements/Qualifications:

  • Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
  • Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
  • Strong exposure to application security standards including OWASP TOP 10, CSC 20, etc.
  • Familiarity with regulations and requirements surrounding medical devices and IoT such as FDA pre-market and post-market cybersecurity requirements.
  • Bachelor's Degree or equivalent experience in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master's Degree or equivalent experience a plus) or a related field.
  • Relevant technical certificates a plus (OSCP, SANS, GIAC, etc).
  • 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
  • Strong interpersonal and documentation skills are a must.
  • Ability to explain and promote technical concepts.
  • Strong attention to detail and organization skills.
  • Excellent verbal and written communication skills and the ability to partner with a diverse group of executives, managers, and subject matter authorities.
  • The ideal candidate will have hands on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.



More Science and Research jobs


Millipore Corporation
St. Louis, Missouri
Posted about 1 hour ago

Millipore Corporation
Danvers, Massachusetts
Posted about 1 hour ago

Millipore Corporation
Billerica, Massachusetts
Posted about 1 hour ago

Get Hired Faster

Subscribe to job alerts and upload your resume!

*By registering with our site, you agree to our
Terms and Privacy Policy.


Share diversity job

Sr Manager, Penetration Testing & Research is posted on all sites within our Diversity Job Network.


African American Job Search Logo
Hispanic Inclusion Jobs Logo
Asian Job Search Logo
Women Inclusion Jobs Logo
Diversity Inclusion Jobs Logo
Seniors to Work Logo
Black Inclusion Jobs Logo
Veteran Job Center Logo
LGBT Job Search Logo
Asian Inclusion Jobs Logo
Disabled Job Seekers Logo
Senior Inclusion Jobs Logo
Disability Inclusion Jobs Logo
US Diversity Job Search Logo
LGBTQ Inclusion Jobs Logo
Hispanic Job Exchange Logo