About Thermo Fisher Scientific
Thermo Fisher Scientific Inc. (NYSE: TMO) is the world leader in serving science, with revenues of more than $20 billion and approximately 65,000 employees globally. Our mission is to enable our customers to make the world healthier, cleaner and safer. We help our customers accelerate life sciences research, solve complex analytical challenges, improve patient diagnostics, deliver medicines to market and increase laboratory productivity. Through our premier brands – Thermo Scientific, Applied Biosystems, Invitrogen, Fisher Scientific and Unity Lab Services – we offer an unmatched combination of innovative technologies, purchasing convenience and comprehensive services.
The Digital Science group of Thermo Fisher Scientific, located in Branford, Connecticut, is looking for a skilled Security Engineer to analyze software designs and implementations from a security perspective, and to identify and resolve security issues. You will include the appropriate security analysis, defenses and countermeasures at each phase of the software development lifecycle to produce robust and reliable software.
- Implement, test and operate advanced software security techniques in compliance with industry best practices
- Develop and manage a software information security strategy for products and processes
- Advance colleagues' application security knowledge through programs and training
- Counsel your colleagues on secure programming practices
- Provide engineering designs for new software solutions to help mitigate security vulnerabilities
- Perform ongoing security testing and code review to improve software security
- Leverage attack tools to test software vulnerabilities
- Research/identify flaws and remedy development mistakes
- Gain a thorough knowledge of attack vectors that may be used to exploit software
- Partner with Corporate Informatics Security (CIS) teams to share ideas and implement corporate requirements.
- Work with operations teams to align security practices across solutions delivered to customers
- Participate in the lifecycle development of software systems using agile methodologies
- Design, build, and maintain efficient, well-designed, and testable code
- Able to diagnose, describe, design and implement solutions to complex problems
- Uphold Agile team organization using Kanban and Scrum, in addition to a suite of Atlassian tools (Jira, Confluence, Bitbucket)
- Maintain technical documentation
- Develop a familiarity with new tools and best practices
- Advance information security knowledge via continuous education (e.g., training, conferences)
- Bachelor’s degree in Computer Science or related field.
- 5+ years of strong Java development experience.
- Hands-on experience in designing and developing commercial, cloud-based applications.
- Proven work experience as a software security engineer in all aspects of security research and development.
- Detailed technical knowledge of techniques, standards and state-of-the-art capabilities for authentication and authorization, applied cryptography, security vulnerabilities and remediation.
- Working knowledge of all vulnerability classes on the OWASP Periodic Table of Vulnerabilities.
- Strong experience in developing and executing software vulnerability assessments (static and dynamic).
- Experience with application penetration testing.
- Experience with software vulnerability testing solutions such as Nessus, Veracode, Checkmarx.
- Strong working knowledge of web related technologies (Web applications, Web Services and Service Oriented Architectures) and of network/web related protocols.
- Experience working with third-party service providers to support security assessment and testing.
- Experience working with the Corporate Informatics Security (CIS) organization.
- Excellent verbal and written communication skills.
- Well organized individual with an entrepreneurial spirit.
- Experience with Service Organization Controls (SOC)
- Experience with distributed, cloud-based architectures
- Experience with service containerization and distributed architectures (e.g., Docker, Kubernetes, Mesos)
- Experience with Alert Logic
- Continuous integration and deployment (Jenkins, Gradle, SonarQube)
- Experience with LIMS
- Experience with biotech or pharmaceutical industry