Security Solutions Architect, Product Security
Thermo Fisher Scientific Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands - Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services - we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services.
The Security Solutions Architect, Product Security has global responsibility for the security architecture associated with the company’s Product Security program. He/she will own the overarching design of a secure framework, education, and integration of solutions with the overarching CIS program (policy, security awareness & education, application and vulnerability assessments, technological security controls, and monitoring for threats by the SOC). The secure framework must support relevant Thermo Fisher products (such as instruments, equipment, and other electronic and/or connected devices, sometimes referred to as Internet of Things (IoT)).
- Work closely with key product development leaders to ensure security is incorporated in all customer-facing product offerings.
- Support efforts to inject security into all levels of the software development process.
- Drive secure development and integration of security features into all phases of product and software design and development.
- Lead programs to ensure continuous development and improvement of security integration into the product development lifecycle.
- Partner with architecture and development leaders to develop shared software frameworks to enable consistent application of secure coding best practices across the enterprise.
- Build solid working relationships with product development stakeholders to maintain and improve product and application security processes.
- Contribute to maturing process, policy, and standards guidance.
- Educate key stakeholders on program, risks, and importance of security in our products.
- Work with business units to identify, capture, escalate, and close security vulnerabilities found in Thermo Fisher products and platforms; leverage tools to deliver vulnerability information back to the development organization for remediation.
- Coordinate, participate, and deliver threat modeling for given designs and architectures.
- Analyze reports from static and dynamic code analysis tools and use as material for software engineering education.
- Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
- Partner with vulnerability management and security awareness teams to develop secure code practices and provide hands-on training to developers and quality engineers.
- Ensure excellent consistency, documentation, and process across all programs.
- Coordinate security risk assessments for new products through the risk assessment team.
- Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
- Research the latest security best practices for devices, instruments, and IoT, staying current on new vulnerabilities and threats.
- Proactively advise the business on how to maintain compliance with appropriate regulatory or industry best practice.
- Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus)
- Relevant technical certificates a plus
- 8+ years of related work experience with product security, secure software development, risk assessment, or vulnerability management
- Knowledge of applicable industry standards, leading security practices, and regulatory requirements
- Deep understanding of DevSecOps, cryptography, authentication, authorization, network security protocols, and web application security
- Strong exposure to popular application security standards including OWASP Top 10, SANS Top 25, etc.
- Strong interpersonal and documentation skills are a must
- Ability to explain and champion technical concepts to a broad audience focusing on business acumen
- Strong attention to detail, organizational skills
- Excellent customer service skills required
- Strong analytical and product management skills required, including a thorough understanding of how to interpret customer business needs and translate them into application and operational requirements
- Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts
At Thermo Fisher Scientific, each one of our 65,000 extraordinary minds has a unique story to tell. Join us and contribute to our singular mission—enabling our customers to make the world healthier, cleaner and safer. Apply today http://jobs.thermofisher.com