Work Schedule
Standard (Mon-Fri)

Environmental Conditions
Office

Job Description
As a Senior Product Security Penetration Tester, you will be part of a collaborative team passionate about identifying and reducing product risk across Thermo Fisher Scientific’s diverse portfolio. You’ll conduct comprehensive security assessments across software, hardware, and cloud environments to identify vulnerabilities and provide actionable recommendations that strengthen the security posture of our products. The ideal candidate will have a strong background in penetration testing and experience with a variety of technologies and tools. This position offers the opportunity to develop deep technical expertise while directly improving the security of the technologies advancing science and healthcare.

A Day in the Life
- Lead and independently complete complex, open-box penetration tests across diverse technologies, including APIs, cloud environments, embedded systems, web applications, and AI/ML workloads.
- Serve as a technical leader for advanced security assessments, focusing on complex architectures and new technologies.
- Prepare detailed reports to effectively communicate findings and recommendations to technical and non-technical collaborators.
- Partner with cross-functional collaborators, including product engineering and management, security architecture, and incident response to drive remediation and strengthen product security throughout the development lifecycle.
- Mentor junior team members while encouraging a collaborative and knowledge-sharing environment.
- Contribute to internal tooling, automation, and methodology improvements to improve testing and technical precision.
- Stay informed on new technologies, attack techniques, and threat trends to proactively identify potential vulnerabilities.

Keys to Success
The Senior Product Security Researcher thrives by combining deep technical expertise with strategic insight.
You’ll bring to bear your experience in offensive security to uncover and communicate meaningful risks across Thermo Fisher’s product portfolio.
- Leading complex, full-scope testing engagements that uncover impactful vulnerabilities and drive secure build improvements.
- Translating technical findings into actionable security improvements that align with business priorities.
- Coordinating with product, architecture, and incident response teams to achieve timely remediation and incorporate secure-by-design principles.
- Mentoring colleagues and influencing security guidelines across engineering and product organizations.
- Supporting the development of internal tools, automation, and testing strategies to improve the team’s technical exactness.
- Staying curious and continuously exploring new technologies and attack vectors relevant to our diverse product portfolio.

Education
- Bachelor’s or Master’s Degree in Cybersecurity, Computer Science, Engineering, or related field. Equivalent professional experience considered.
- Certifications (preferred but not required): OSCP, OSWA, GPEN, GWAPT, CPTS, CWES, or similar.

Experience
- Extensive experience in offensive security, passionate about penetration testing or vulnerability research.
- Demonstrated ability to independently perform advanced testing on various technologies including web applications, APIs, cloud infrastructure, and embedded or desktop platforms.
- Demonstrated expertise in modern attack methodologies, exploit development, and secure architecture principles.
- Proven ability to develop clear, actionable technical reports and clearly present results to audiences with varying technical backgrounds.
- Experience collaborating with cross-functional teams to support remediation and drive security improvements.

Knowledge, Skills, and Abilities
Technical Expertise:
- Extensive knowledge of common and emerging vulnerability classes (e.g., OWASP Top 10, MITRE ATT&CK, cloud misconfigurations, supply chain risks).
- Proficiency with industry-standard tools (e.g., Burp Suite Pro, Nmap, Metasploit, and cloud-native assessment tools).
- Strong technical knowledge of standard network communication protocols and operating system internals in both Windows and Linux settings.
- Familiarity with common cybersecurity frameworks, regulatory requirements, and industry guidelines (e.g., OWASP, NIST, FDA, CRA).
- Experience identifying and mitigating security risks in cloud-native architectures.
- Experience with custom scripting or exploit development (Python, PowerShell, Go, etc.).
- Practical experience with compiled languages like C, C++, or C#, including the capability to examine and assess code for security concerns.
- Experience developing and maintaining testing methodologies and technical documentation.

Analytical Skills:
- Strong analytical and problem-solving approach with the ability to apply testing methodologies to assess exploitability and inform remediation.
- Diligent approach to testing ensuring accuracy, consistency, and practical relevance.

Communication Skills:
- Strong written and spoken communication skills, with the capability to articulate complex technical concepts clearly to audiences with varying technical backgrounds.
- Skilled at communicating technical risk in business-relevant terms to influence remediation and product build decisions.
- Ability to operate independently while collaborating effectively across multidisciplinary teams.
- Produce comprehensive reports and presentations that clearly communicate findings and recommendations to diverse collaborators.

Nice-to-Have Skills:
- Experience with hardware testing, including debugging, chip identification, and common protocols.
- Experience testing AI/ML or LLM-integrated applications or products.
- Participation in Capture The Flag (CTF) competitions, Hack The Box (HTB), or similar technical challenges.
- Passion for security and community involvement (teaching, volunteering, presenting at conferences).