Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Sr Manager, Penetration Testing & Research

AT Thermo Fisher Scientific
Thermo Fisher Scientific

Sr Manager, Penetration Testing & Research

Frederick, MD

Work Schedule
Standard (Mon-Fri)

Environmental Conditions
Office

Job Description

At Thermo Fisher Scientific, you'll join a curious team that shares your passion for exploration and discovery. We invest heavily in R&D and offer ample resources for you to make meaningful contributions to the world!

Location/Division Specific Information:

This position reports into the Senior Director, Product Security within Corporate Infrastructure & Security (CIS) and is based in Frederick, Maryland or Raleigh, North Carolina.

How will you make an impact?

Lead a distributed team focused on identifying and improving the security of our various products and internal systems. Make a meaningful difference for our customers, patients, and partners who rely on Thermo Fisher products. Join our team and make an impact!

Want more jobs like this?

Get jobs in Frederick, MD delivered to your inbox every week.

By signing up, you agree to our Terms of Service & Privacy Policy.


Position Summary:

The Sr. Manager, Penetration Testing, is responsible for helping to secure the organization's products and assets globally. They will conduct research, testing, and validation of the products and platforms, as well as our internal environments throughout their development lifecycles. This role involves using robust solutions within the CIS program, focusing on testing, security awareness, education, vulnerability assessments, and risk evaluation. Continuous improvement is driven through our practical process improvement (PPI) methodology and will be instrumental in helping find a better way, every day.

Key Responsibilities:

  • Perform penetration testing activities and on products and/or infrastructure to resolve vulnerabilities, validate remediation, and reduce overall risk profiles.
  • Develop comprehensive mentorship for frequently encountered vulnerabilities and corresponding remediation strategies.
  • Build and improve existing methodologies for penetration testing, drawing from industry standards and mentorship provided by established agencies like CISA and the FDA.
  • Coordinate on security risk assessments for new and existing products through the pre- and post-market teams.
  • Build working partnerships with product development leaders and peers to drive secure development and integration of security features into all phases of product, firmware, software design processes and product development lifecycle.
  • Collaborate with architecture and development teams to develop shared security frameworks to enable consistent application of secure coding standard methodologies across the enterprise.
  • Educate key partners on program, risks, and importance of security in our products and environment.
  • Work with cross-functional teams to find and fix security issues in Thermo Fisher products and infrastructure. Use tools to send vulnerability information to the development team for fixing.
  • Mentor others in what constitutes secure product activities.
  • Coordinate/participate in and perform design reviews, peer reviews, and code reviews.
  • Ensure excellent consistency, documentation, and process across all programs.
  • Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to appropriate existing channels for investigation and resolution.
  • Creation of security bulletins to address new or evolving threats to the company's assets and products.
  • Travel up to 25% and on-call/after hours duties may be required.

Minimum Requirements/Qualifications:

  • Deep knowledge of IoT and digital device research methods, variables and parameters including analysis, testing and documentation.
  • Deep understanding of cryptography, authentication, authorization, network security protocols, and application security.
  • Strong exposure to application security standards including OWASP TOP 10, CSC 20, etc.
  • Familiarity with regulations and requirements surrounding medical devices and IoT such as FDA pre-market and post-market cybersecurity requirements.
  • Bachelor's Degree or equivalent experience in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master's Degree or equivalent experience a plus) or a related field.
  • Relevant technical certificates a plus (OSCP, SANS, GIAC, etc).
  • 5+ years of related work experience with security consulting, product security, secure software development, risk assessment, and/or vulnerability management.
  • Strong interpersonal and documentation skills are a must.
  • Ability to explain and promote technical concepts.
  • Strong attention to detail and organization skills.
  • Excellent verbal and written communication skills and the ability to partner with a diverse group of executives, managers, and subject matter authorities.
  • The ideal candidate will have hands on experience in one or more of the following areas: Hardware System Integration, Signal and Power Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications, TCP/IP, Network and Application Penetration Testing.

Client-provided location(s): Frederick, MD, USA
Job ID: ThermoFisher-R-01277682-2
Employment Type: Full Time

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • HSA
    • HSA With Employer Contribution
    • Mental Health Benefits
    • Fitness Subsidies
  • Parental Benefits

    • Adoption Leave
    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
    • Remote Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • On-Site Cafeteria
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K) With Company Matching
    • Stock Purchase Program
    • Financial Counseling
    • Performance Bonus
  • Professional Development

    • Tuition Reimbursement
    • Access to Online Courses
    • Internship Program
    • Mentor Program
  • Diversity and Inclusion

    • Employee Resource Groups (ERG)
    • Diversity, Equity, and Inclusion Program