Who we are
The Software Security team is a group of Builders, Breakers, and Fixers who specialize in collaborative security engagement. The goal of the team is to provide self-service security, and to that end, the team is passionate about enabling the 3 Ways of DevOps: Fast Flow, Rapid Feedback, and Continuous Learning.
What you will do
As a member of the Software Security team within Corporate Information Security’s Product & Software Security unit, a Software Security Engineer is responsible for realizing the initiatives set forth by the Regional Manager of Software Security.
This role has primary responsibility for engaging with development teams across the organization to perform security assessments, and serves as a subject matter resource for guidance on secure development practices.
Act as a consultant to product teams on Software Security tools, vulnerability management and state-of-the-art development practices.
Lead security tool evaluations and Proofs of Concept to make defensible recommendations on tool acquisition, integration and maintenance plans.
Collaborate with other Product and Software Security and Secure Technology and Operations teams to improve flow of work and customer experience with our organization.
Partner with product teams on security scans and architectural reviews.
Develop and promote automated scanning tools and practices throughout the organization.
Collaborate with development teams to understand vulnerabilities identified and recommend general practices and/or training to guide remediation efforts.
Validate remediations have successfully addressed vulnerabilities previously identified.
Work alongside Software Security Engineer(s) to perform manual assessment of first- and third-party applications owned by, or providing services to, Thermo Fisher Scientific as needed.
Develop metrics and reporting from aggregated sources to assist Software Security Management in building a picture of the current state of risk within the company.
Perform other duties as assigned.
Candidate requirement: education & experience levels:
Bachelor's in Engineering/Computer Science or Master's degree or equivalent with 6+ years of experience.
Skills and knowledge:
Experience writing and/or testing software applications; experience with automation a plus.
Familiarity with one or more development tools such as: Eclipse, Visual Studio, Visual Studio Code, IntelliJ, Git, Jira, Jenkins, and/or Docker.
Good attention to detail, with proven interpersonal and time management skills.
The ability to communicate effectively and professionally with a diverse group of people, including: Vice Presidents, Directors, Managers, Developers, Domain Experts.
Preferred skills and experience:
Software development experience with innovative practices, such as Test-Driven Development and Domain-Driven Design.
A track record of performing application security assessments either via Bug Bounty programs or capture the flag events; experience with mobile application security a plus.
A history of engaging in general information security practice and/or the community.
Proficient written and verbal communication in the English language.
Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.
We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.