Job Information
ThermoFisher Scientific Product Security Architect in Shanghai, China
Job Description
Group/Division Summary:
When you’re part of the team at Thermo Fisher Scientific, you’ll do important work, like helping customers find cures for cancer, protecting the environment or making sure our food is safe. Your work will have real-world impact, and you’ll be supported in achieving your career goals.
This role is a member of the Corporate Infrastructure & Security (CIS), Product and Software Security, Architecture team and is responsible for guiding Thermo Fisher product development and sustainment in incorporating security concepts and controls into the design of new and existing consumer products and platforms.
Position Summary:
By enabling our product development and sustainment teams, you will help ensure that Thermo Fisher products are developed and tested against security standards, further helping our customers to make the world healthier, cleaner and safer.
Key Responsibilities:
Evaluate and provide technical security architecture guidance in the assessment of the design and implementation of products
Provide technical subject matter expertise concerning security such as Cloud, e-Commerce, IoT, Endpoint, Network, and Servers
Maintain and mature a holistic cybersecurity reference architecture
Support the development of reusable technologies and software across our product space
Work closely with key product development leaders to ensure security is incorporated in all customer-facing product offerings
Support efforts to inject security into all levels of the product development process
Evaluate the business processes around product security and anticipate requirements, uncover areas for improvement, and help develop and implement solutions
Technical lead for security efforts that ensure continuous development and improvement of security integration into the product development lifecycle
Partner with business and product leaders to lead ongoing reviews of existing processes to enable consistent application of secure development best practices across the enterprise
Establish and build working relationships with product development stakeholders to maintain and improve product and application security processes
Deep dive into the assigned line of business and develop a clear understanding of the products they produce and support throughout the lifecycle, including new research and development efforts
Consult on the relevant regulatory requirements and standards requirements for applicable products and communicate those to the product development stakeholders
Ensure product portfolio data for the assigned line of business is integrated in the Product Security Database
Act as product liaison for security related customer requests leveraging established process
Coordinate, support and participate in the Security Testing (penetration testing, static and dynamic analysis related activities) with internal Product and Software Security teams
Contribute to maturing process, policy, and standards guidance
Educate key stakeholders on program, risks, and importance of security in our products
Work with cross-functional business units to identify, capture, and escalate security vulnerabilities found in Thermo Fisher products and platforms
Ensure excellent consistency, documentation, and process across all programs
Stay abreast of new technology developments and assess the impact to the security program to determine integration points
Collaborate with other departments (e.g., Risk Management, Internal Audit, HR, Legal, etc.) to direct compliance issues to existing channels for investigation and resolution.
Travel up to 25% and on call/after-hours duties may be required.
Qualifications:
Education
Bachelor’s Degree in Information Assurance, Information Security, Management Information Systems, Risk Management, or Computer Science (Master’s Degree a plus) or equivalent field experience
Experience
4+ years of related work experience with product security, secure software development, risk assessment, or vulnerability management and
4+ years working as an architect or engineer in Cloud, e-Commerce, IoT, Endpoint, Network, or Servers
Knowledge, Skills, Abilities
Strong skills in analysis and evaluation of processes and methods.
Strong understanding of device research methods, variables and parameters including analysis, testing and documentation.
Strong understanding of security controls.
Strong interpersonal and documentation skills
Strong technical skills as they apply to networking and communication protocols
Strong understanding of regulatory requirements, especially for medical devices
Strong understanding of standards requirements (ISO, IEC, etc.), especially for medical devices
Strong attention to detail, organizational skills
Understanding of how to connect new and changing threats to IoT portfolio to create mitigating or compensating activities
Exposure to popular application security standards including OWASP ASVS and Top 10, CSC 20, etc.
Ability to explain and champion security concepts
Excellent customer service skills required
Strong analytical and product management skills required
Excellent verbal and written communication skills and the ability to interact professionally with a diverse group, executives, managers, and subject matter experts
Strong project management skills
Relevant technical certifications a plus
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.