About Thermo Fisher Scientific
Thermo Fisher Scientific Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands - Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services - we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services.
The Vulnerability Management Infrastructure Specialist will be working closely with the Cyber Security Program Manager – Vulnerability Management to support multiple stakeholders through the vulnerability management process. He/she will be responsible for maintaining configuration items and executing functions on the vulnerability management platform, which includes but not limited to scans in support of regulatory guidelines and proactive vulnerability detection. The person will be responsible for composing essential documentation (procedures, scanning reports, remediation reports, etc.), providing analysis and metrics on vulnerabilities, and driving remediation of vulnerabilities throughout the organization. The ideal candidate is very detailed oriented with strong written and oral communication skills as well as an intermediate technical background.
- Oversee the development, maintenance, and continual improvement of the vulnerability management platform, processes, and technical assessment support;
- Drive automation of vulnerability management platform and processes;
- Understanding of infrastructure and cloud vulnerability scanning;
- Basic understanding of how to classify and prioritize the risk of new vulnerabilities based on the company’s environment;
- Maintain metrics and reports on vulnerability findings and remediation compliance;
- Facilitate proactive remediation of new vulnerabilities by collecting information from threat and vulnerability feeds, analyzing the impact/applicability to our environment and communicating applicable vulnerabilities and recommended remediation actions to the impacted teams;
- Provide technical support to business/system and technology owners to propose mitigation and remediation solutions to identified issues;
- Assist with routine compliance and audit functions to ensure regulatory scanning requirements are satisfied;
- Document and report on processes and procedures;
- Provide input to the department’s leadership for enhancing the vulnerability management strategy;
- Stay current on security industry trends, attack techniques, mitigation techniques, security technologies and new and evolving threats to the organization by attending conferences, networking with peers and other education opportunities;
- Develop infrastructure and cloud vulnerability expertise to function as subject matter expert in multiple technical or business disciplines; and
- Develops strong partnerships with business clients, software vendors and other technical resources;
- Provide assistance to the Cyber Security Program Manager – Vulnerability Management as directed.
- AA or High School Diploma with 5+ years in IT Operations or Security Operations preferred
- 3+ Years of Information Security Experience, working with Vulnerability management tools;
- Sec+, SSCP, GIAC Security Essentials, and other security related certifications a plus;
- Strong knowledge of threats and vulnerabilities associated with cloud, and network security;
- Sense of urgency to address new technologies being deployed;
- Demonstrated ability to work effectively in an ambiguous environment;
- Strong oral and written communications skills;
- Strong analytical and problem-solving skills and proactive thinking skills;
- Basic level familiarity with Enterprise Vulnerability Management tools such as Rapid 7 InsightVM, Nessus, Qualys, Blackduck, and Fortify;
- Basic level familiarity with Cyber Security Regulatory Compliance bodies such as PCI, SOX, ISO27001, and others to be defined.
- Strong attention to detail, organizational skills, time management
- Excellent verbal and written communication skills
- The ability to interact professionally with a diverse group: executives, managers, and subject matter experts
- The ability to take direction and independently work through projects as required.
Join our Talent Community
If you're ready to make a difference in the world, you can do it here.Join