Website Protection Architect - Frederick, United States - Thermo Fisher Scientific

Posted by: Mark Lane, beBee recruiter


Description

When you join us at Thermo Fisher Scientific, you'll be part of an inquisitive team that shares your passion for exploration and discovery.

With revenues of more than $40 billion and the largest investment in R&D in the industry, we give our people the resources and chances to create significant contributions to the world.


Location/Division Specific Information:


Discover Impactful Work:

As a Website Application Architect, you will be part of a distributed team passionate about reducing security findings across the Thermo Fisher Scientific web properties landscape.

This group works across Infrastructure, Security and Product Teams to identify solutions and compensating controls that reduce risk faced by our colleagues, customers and partners.


A day in the Life:


  • Review websites to ensure compliance with corporate standards
  • Participate in architecture review board meetings to discuss noncompliance issues
  • Provide remediation guidance and recommendations to developers and administrators
  • Work with Product Development teams to help prioritize and validate criticality of mitigation of identified product vulnerabilities and security feature enhancement requests
  • Participate in incident response activities as necessary
  • Partner with teams in the remediation of vulnerabilities and risk across a diverse ecosystem that spans traditional, web, infrastructure, and industrial product landscapes

Keys to Success:


This person will be able to identify and drive implementation of secure configurations relating to security deficiencies, including obtaining consensus from system owners across teams.

This will require a creative, problem-solving approach and can-do demeanor that is continuously learning and challenging norms.


Education:


  • Bachelor's Degree in cybersecurity, computer science, engineering or other relevant field. Equivalent work experience also accepted.

Experience:


  • Experience as an Application/Product Security Engineer, Architect or Developer
  • Experience in developing remediation and solutions for product or infrastructure vulnerabilities
  • A background integrating security testing into the SDLC (preferably the SCRUM framework)
  • Previous work as a technical security architect or related security role in a company where there is a commitment to information security and technology
  • Demonstrated experience using DAST and SAST tools and services
  • Experience providing security information to developers
  • Certifications such as GWEB, CASE, CSSLP, C|EH, or C|PENT preferred

Knowledge, Skills, Abilities:


Including:

  • Communicate effectively with engineers, business and executive leaders to assist in clear understanding of requirements and how to secure a variety of environments.
  • Analyzes current offerings for business impact and exposure, based on emerging security threats, vulnerabilities and risks.
  • Performing ad hoc security tests and scans on web properties in support of confirming the validity of vulnerabilities and/or the degree of success in remediation actions.
  • Identifying and reporting on security vulnerabilities, risks, and incidents.
  • Recommending and implementing security patches, fixes, and enhancements.
  • Developing and maintaining security policies, procedures, and documentation.
  • Providing security training and awareness to the IT, development, and content teams.
  • Staying up to date with the latest web security trends, threats, and standard methodologies.
  • Proficiency in reading, writing, and auditing .NET, C#, Python, Java, and/or JavaScript-based frameworks and the ability to pick up new languages/technologies

  • Strong familiarity with common vulnerabilities and attack vectors
  • Knowledge of web service technologies, load balancer services (e.g. Nginx, Cloudflare, F5, etc.) and RESTful APIs
  • Knowledge of ubiquitous encryption technologies (PGP, SSH, SSL/TLS, etc.) and common authentication protocols (OpenID Connect, OAuth, SAML, RADIUS, LDAP, Kerberos, etc.)
  • Solid understanding of secure network and system design in both cloud (AWS, Azure, etc.) and conventional environments
  • The ability to communicate complicated technical issues and the risks they pose to developers, network engineers, system administrators, and management
  • Excellent written and verbal communication skills, interpersonal and collaborative skills
  • Must be a critical thinker, with strong problem-solving skills
  • High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity
  • Self-starter, positive attitude, ability to work independently, enjoys learning and staying ahead of industry developments, regulations and standard methodologies.

Our Mission is to enable our customers to make the world healthier, cleaner and safer. Watch as our colleagues explain 5 reasons to work with us. As one team of 100,000+ colleagues, we share a common set of values - Integrity, Intensity, Innov
