Skip to main contentA logo with &quat;the muse&quat; in dark blue text.

Sr Penetration Tester

AT Thermo Fisher Scientific
Thermo Fisher Scientific

Sr Penetration Tester

Shanghai, China

Work Schedule
Standard (Mon-Fri)

Environmental Conditions
Office

Job Description

The Sr. Product Security Researcher, has global responsibility for
ensuring the security of the organization's products and assets by
performing research, penetration testing and remediation validation
of the product and its associated platforms. They will guide
integration of robust solutions within the overarching CIS program.
This includes policy, security awareness & education, application and
vulnerability assessments, technological security controls and risk
evaluation. The solutioning activities must support relevant Thermo
Fisher products (such as instruments, devices, equipment, other

Want more jobs like this?

Get jobs in Shanghai, China delivered to your inbox every week.

By signing up, you agree to our Terms of Service & Privacy Policy.

electronic and/or connected devices) and infrastructure.
Key Responsibilities:
Perform penetration testing activities and on products and/or
infrastructure to resolve vulnerabilities, validate remediation, and
reduce overall risk profiles.
Build detailed guidance for commonly encountered vulnerabilities and
relevant remediation steps.
Create and enhance current methodologies for penetration testing
which builds on industry standards and guidance from established
agencies such as CISA and the FDA.
Coordinate on security risk assessments for new and existing products
through the pre- and post-market teams.
Build working partnerships with product development leaders and
peers to drive secure development and integration of security features

into all phases of product, firmware, software design processes and
product development lifecycle.
Collaborate with architecture and development teams to develop
shared security frameworks to enable consistent application of secure
coding standard methodologies across the enterprise.
Educate key partners on program, risks, and importance of security in
our products and environment.
Work with business units to identify, collect, call out, and close
security vulnerabilities found in Thermo Fisher products and
infrastructure; Leverage tools to deliver vulnerability information
back to the development organization for remediation.
Mentor others in what constitutes secure product activities.
Coordinate/participate in and perform design reviews, peer reviews,
and code reviews.
Ensure excellent consistency, documentation, and process across all
programs.
Collaborate with other departments (e.g., Risk Management, Internal
Audit, HR, Legal, etc.) to direct compliance issues to appropriate
existing channels for investigation and resolution.
Creation of security bulletins to address new or evolving threats to
the company's assets and products.
Travel up to 25% and on-call/after hours duties may be required.
Minimum Requirements/Qualifications:
Deep knowledge of IoT and digital device research methods, variables
and parameters including analysis, testing and documentation.
Deep understanding of cryptography, authentication, authorization,
network security protocols, and application security.
Strong exposure to application security standards including OWASP
TOP 10, CSC 20, etc.
Familiarity with regulations and requirements surrounding medical
devices and IoT such as FDA pre-market and post-market
cybersecurity requirements.
Bachelor's Degree in Information Assurance, Information Security,
Management Information Systems, Risk Management, or Computer
Science (Master's Degree a plus) or equivalent field experience.
Relevant technical certificates a plus (OSCP, SANS, GIAC, etc).

5+ years of related work experience with security consulting, product
security, secure software development, risk assessment, and/or
vulnerability management.
Strong interpersonal and documentation skills are a must.
Ability to explain and promote technical concepts.
Strong attention to detail and organization skills.
Excellent verbal and written communication skills and the ability to
partner with a diverse group of executives, managers, and subject
matter authorities.
The ideal candidate will have hands on experience in one or more of
the following areas: Hardware System Integration, Signal and Power
Integrity, RF Systems, Wi-Fi, Bluetooth, Wireless Communications,
TCP/IP, Network and Application Penetration Testing.

Client-provided location(s): Shanghai, China
Job ID: ThermoFisher-R-01280841-3
Employment Type: Full Time

Perks and Benefits

  • Health and Wellness

    • Health Insurance
    • Dental Insurance
    • Vision Insurance
    • Life Insurance
    • Short-Term Disability
    • Long-Term Disability
    • FSA
    • HSA
    • HSA With Employer Contribution
    • Mental Health Benefits
    • Fitness Subsidies
  • Parental Benefits

    • Adoption Leave
    • Birth Parent or Maternity Leave
    • Non-Birth Parent or Paternity Leave
    • Fertility Benefits
    • Adoption Assistance Program
    • Family Support Resources
  • Work Flexibility

    • Flexible Work Hours
    • Hybrid Work Opportunities
    • Remote Work Opportunities
  • Office Life and Perks

    • Commuter Benefits Program
    • On-Site Cafeteria
  • Vacation and Time Off

    • Paid Vacation
    • Paid Holidays
    • Volunteer Time Off
  • Financial and Retirement

    • 401(K) With Company Matching
    • Stock Purchase Program
    • Financial Counseling
    • Performance Bonus
  • Professional Development

    • Tuition Reimbursement
    • Access to Online Courses
    • Internship Program
    • Mentor Program
  • Diversity and Inclusion

    • Employee Resource Groups (ERG)
    • Diversity, Equity, and Inclusion Program