Job Description

Division Specific Information

Discover Impactful Work: As a Website Protection Engineer, you will be part of a distributed team passionate about reducing security findings across the Thermo Fisher Scientific web properties landscape. This group works across Infrastructure, Security and Product Teams to identify solutions and compensating controls that reduce risk faced by our colleagues, customers and partners.

A day in the Life:

• Review websites to ensure compliance with corporate standards.

• Participate in architecture review board meetings to discuss non-compliance issues.

• Cultivate meaningful relationships across Product, Infrastructure and Security teams to understand level of effort, existing compensating controls and necessary investment to implement critical security controls.

• Partner with teams to implement solutions to findings reducing the risk to the company and our customers. Working with stakeholders to provide vulnerability remediation guidance across web properties.

• Participates in incident response activities as necessary.

• Partner with teams in the remediation of vulnerabilities and risk across a diverse ecosystem that spans traditional, web, infrastructure, and industrial internet of things product landscapes.

Keys to Success:

This person will be able to identify and drive implementation of mitigation relating to security deficiencies, including obtaining buy-in from system owners across teams. This will require a creative, problem-solving approach and can-do demeanor that is continuously learning and challenging norms.

Education

• Bachelor's Degree in cybersecurity, computer science, engineering or other relevant field. Equivalent work experience also accepted.

Experience

• Experience in developing remediation and solutions for product or infrastructure vulnerabilities.

• 2+ years’ experience in system, network, and/or web application security.

• 2+ years’ experience in threat modeling, interpreting vulnerability disclosures or assessing true risk and impact of a publicly disclosed vulnerability.

Knowledge, Skills, Abilities

• Solid foundation in web application fundamentals and core security concepts involved in securing and/or hardening web applications.

• Communicate effectively with engineers, business and executive leaders to assist in clear understanding of requirements and how to secure a variety of environments.

• Analyzes current offerings for business impact and exposure, based on emerging security threats, vulnerabilities and risks.

• Knowledge or experience with web application compliance standards or regulatory frameworks.

• Performing ad-hoc security tests and scans on web properties in support of confirming the validity of vulnerabilities and/or the degree of success in remediation actions.

• Identifying and reporting on security vulnerabilities, risks, and incidents.

• Recommending and implementing security patches, fixes, and enhancements.

• Developing and maintaining security policies, procedures, and documentation.

• Providing security training and awareness to the IT, development, and content teams.

• Staying up to date with the latest web security trends, threats, and best practices.

Thermo Fisher Scientific is an EEO/Affirmative Action Employer and does not discriminate on the basis of race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, disability or any other legally protected status.