Thermo Fisher Scientific Senior Product Security Strategist in Boston, Massachusetts

What Will You Be A Part Of?

When you're part of the team at Thermo Fisher Scientific, you'll do important work, like helping customers find cures for cancer, protecting the environment or making sure our food is safe. Your work will have real-world impact, and you'll be supported in achieving your career goals.

This role is a member of the Corporate Infrastructure & Security (CIS), Product and Software Security, Business Enablement team and is responsible for guiding Thermo Fisher product development and sustainment in incorporating security concepts and controls in the design of new and existing consumer products and platforms.

How Will You Make An Impact?

By enabling our product development and sustainment teams, you will help ensure that Thermo Fisher products are developed and tested against security standards, further helping our customers to make the world healthier, cleaner and safer.

What Will You Do?

  • Work closely with key product development leaders to ensure security is incorporated in all customer-facing product offerings

  • Support efforts to inject security into all levels of the product development process

  • Evaluate the business processes around product security and anticipate requirements, uncover areas for improvement, and help develop and implement solutions

  • Lead projects to ensure continuous development and improvement of security integration into the product development lifecycle

  • Partner with business and product leaders to lead ongoing reviews of existing processes to enable consistent application of secure development best practices across the enterprise

  • Build solid working relationships with product development stakeholders to maintain and improve product and application security processes

  • Deep dive into lines of business to understand the products they produce and support throughout the lifecycle, including new research and development efforts

  • Determine the relevant regulatory requirements and standards requirements for applicable products and communicate those to the product development stakeholders

  • Build and maintain product portfolios for relevant lines of business

  • Contribute to maturing process, policy, and standards guidance

  • Educate key stakeholders on program, risks, and importance of security in our products

  • Work with cross-functional business units to identify, capture, and escalate security vulnerabilities found in Thermo Fisher products and platforms

  • Coordinate, participate in, and deliver threat modeling for products

  • Proactively ensure that applicable regulatory mandates are addressed with mitigating or compensating controls

  • Coordinate/participate in and perform design reviews, peer reviews, and code reviews

  • Ensure excellent consistency, documentation, and process across all programs

  • Lead security assessments for new and existing products through the risk assessment team.

  • Stay abreast of new technology developments, and assess the impact to the security program, to determine integration points.

  • Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.

  • Provide leadership, coaching and mentoring.

  • Travel up to 25% and on-call/after-hours duties may be required.

How Will You Get Here?

  • Bachelor's Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master's Degree a plus) or equivalent field experience

  • 6+ years of related work experience with product security, secure software development, risk assessment, or vulnerability management

  • 5+ years working with secure networking concepts, including ports, protocols, and services, as they relate to IoT

Knowledge, Skills, Abilities

  • Strong skills in analysis and evaluation of processes and methods.

  • Strong understanding of device research methods, variables and parameters including analysis, testing and documentation.

  • Strong understanding of security controls.

  • Strong interpersonal and documentation skills

  • Strong technical skills as they apply to networking and communication protocols

  • Strong understanding of regulatory requirements, especially for medical devices.

  • Strong understanding of standards requirements (ISO, IEC, etc.), especially for medical devices.

  • Strong attention to detail, organizational skills

  • Understanding of how to connect new and changing threats to the IoT portfolio to create mitigating or compensating activities

  • Exposure to popular application security standards including OWASP ASVS and Top 10, CSC 20, etc.

  • Ability to explain and champion security concepts

  • Excellent customer service skills and documentation required

  • Strong analytical and product management skills required

  • Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts

  • Project management skills a plus

  • Relevant technical certifications a plus

Thermo Fisher Scientific is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, creed, religion, color, national or ethnic origin, citizenship, sex, sexual orientation, gender identity and expression, genetic information, veteran status, age or disability status.