Senior Product Penetration Tester

Work Schedule

Environmental Conditions

Job Description

As a Senior Product Security Penetration Tester you will be part of a collaborative team passionate about identifying and reducing product risk across Thermo Fisher Scientifics diverse portfolio. Youll conduct comprehensive security assessments across software hardware and cloud environments to identify vulnerabilities and provide actionable recommendations that strengthen the security posture of our products. The ideal candidate will have a strong background in penetration testing and experience with a variety of technologies and tools. This position offers the opportunity to develop deep technical expertise while directly improving the security of the technologies advancing science and healthcare.

A Day in the Life

• Lead and independently complete complex open-box penetration tests across diverse technologies including APIs cloud environments embedded systems web applications and AI/ML workloads.
• Serve as a technical leader for advanced security assessments focusing on complex architectures and new technologies.
• Prepare detailed reports to effectively communicate findings and recommendations to technical and non-technical collaborators.
• Partner with cross-functional collaborators including product engineering and management security architecture and incident response to drive remediation and strengthen product security throughout the development lifecycle.
• Mentor junior team members while encouraging a collaborative and knowledge-sharing environment.
• Contribute to internal tooling automation and methodology improvements to improve testing and technical precision.
• Stay informed on new technologies attack techniques and threat trends to proactively identify potential vulnerabilities.

Keys to Success

• The Senior Product Security Researcher thrives by combining deep technical expertise with strategic insight. Youll bring to bear your experience in offensive security to uncover and communicate meaningful risks across Thermo Fishers product portfolio.
• Leading complex full-scope testing engagements that uncover impactful vulnerabilities and drive secure build improvements.
• Translating technical findings into actionable security improvements that align with business priorities.
• Coordinating with product architecture and incident response teams to achieve timely remediation and incorporate secure-by-design principles.
• Mentoring colleagues and influencing security guidelines across engineering and product organizations.
• Supporting the development of internal tools automation and testing strategies to improve the teams technical exactness.
• Staying curious and continuously exploring new technologies and attack vectors relevant to our diverse product portfolio.

Education

• Bachelors or Masters Degree in Cybersecurity Computer Science Engineering or related field. Equivalent professional experience considered.
• Certifications (preferred but not required): OSCP OSWA GPEN GWAPT CPTS CWES or similar.

Experience

• Extensive experience in offensive security passionate about penetration testing or vulnerability research.
• Demonstrated ability to independently perform advanced testing on various technologies including web applications APIs cloud infrastructure and embedded or desktop platforms.
• Demonstrated expertise in modern attack methodologies exploit development and secure architecture principles.
• Proven ability to develop clear actionable technical reports and clearly present results to audiences with varying technical backgrounds.
• Experience collaborating with cross-functional teams to support remediation and drive security improvements.

Knowledge Skills and Abilities

Technical Expertise:

• Extensive knowledge of common and emerging vulnerability classes (e.g. OWASP Top 10 MITRE ATT&CK cloud misconfigurations supply chain risks).
• Proficiency with industry-standard tools (e.g. Burp Suite Pro Nmap Metasploit and cloud-native assessment tools).
• Strong technical knowledge of standard network communication protocols and operating system internals in both Windows and Linux settings.
• Familiarity with common cybersecurity frameworks regulatory requirements and industry guidelines (e.g. OWASP NIST FDA CRA).
• Experience identifying and mitigating security risks in cloud-native architectures.
• Experience with custom scripting or exploit development (Python PowerShell Go etc.).
• Practical experience with compiled languages like C C or C# including the capability to examine and assess code for security concerns.
• Experience developing and maintaining testing methodologies and technical documentation.

Analytical Skills:

• Strong analytical and problem-solving approach with the ability to apply testing methodologies to assess exploitability and inform remediation.
• Diligent approach to testing ensuring accuracy consistency and practical relevance.

Communication Skills:

• Strong written and spoken communication skills with the capability to articulate complex technical concepts clearly to audiences with varying technical backgrounds.
• Skilled at communicating technical risk in business-relevant terms to influence remediation and product build decisions.
• Ability to operate independently while collaborating effectively across multidisciplinary teams.
• Produce comprehensive reports and presentations that clearly communicate findings and recommendations to diverse collaborators.

Nice-to-Have Skills:

• Experience with hardware testing including debugging chip identification and common protocols.
• Experience testing AI/ML or LLM-integrated applications or products.
• Participation in Capture The Flag (CTF) competitions Hack The Box (HTB) or similar technical challenges.
• Passion for security and community involvement (teaching volunteering presenting at conferences).