Thermo Fisher Scientific Hiring for Product Security Researcher/Tester at Bangalore, India Full Time

What we do

We have global responsibility for the security associated with the company’s Product Security program.

We lead the overarching research, testing and validation of a product platforms, education, and integration of solutions with the overarching CIS program.

We build policy, security awareness & education, application and vulnerability assessments, technological security controls, and threat modeling.

We build solutions for instruments, devices, equipment, and other electronic and/or connected devices.

We are more than penetration testers, we are involved in improving our products and their impact on the world!

What will you do?

Work closely with key colleagues to ensure security is incorporated in all customer-facing product offerings.

Drive secure development and integration of security features into all phases of product, firmware and software design and development.

Partner with architecture and development leaders to develop shared security frameworks to enable consistent application of secure coding standards across the enterprise.

Build solid working relationships with product development partners to maintain and improve product and application security processes.

Work with business units to identify, capture, call out problems, and close security vulnerabilities found in Thermo Fisher products and platforms; Use tools to deliver vulnerability information back to the development organization for remediation.

Participate, and deliver threat modeling for products.

Perform research activities on existing and in development products, determine security capabilities and discover unknown risks.

Build testing approaches and perform testing activities on products to determine vulnerabilities, validate remediation, and reduce overall risk profiles.

Document components and create Bills of Material for projects

Ensure that applicable regulatory mandates are addressed with appropriate controls.

Participate in and perform design reviews, peer reviews, and code reviews.

Ensure excellent consistency, documentation, and process across all programs.

Coordinate with security risk assessments for new and existing products through the risk assessment team.

Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) on compliance issues to appropriate existing channels for investigation and resolution.

Contribute to product whitepapers throughout the product lifecycle.

Create security bulletins to address new or changing threats

Minimum Requirements/Qualifications:

• Good working knowledge of smart-device and connected IoT, device research methods, variables and parameters including analysis, testing and documentation.

• Solid understanding of cryptography, authentication, authorization, network security protocols, and application security

• Good understanding of how to connect new and changing threats to IoT portfolio to create mitigating or compensating activities

• Exposure to popular application security standards including OWASP TOP 10, CSC 20 etc.

• Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience

• Relevant technical certificates a plus (OSCP, SANS, GIAC, etc)

• 3+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management

• Strong interpersonal and documentation skills are a must

• Collaborate to explain technical concepts

• Strong attention to detail, organizational skills

• Excellent customer service skills required

• Strong analytical and product management skills required

• Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and domain experts

• The ideal candidate will have hands on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.