Job Title:  Senior Software Engineer

Position Summary

Based on site at Bishop's Stortford, 40 hrs per week

As a Sr. Software Engineer within the Infection Prevention Technology (IPT) Team you will work within a software development team to achieve and maintain the security of medical equipment connected to local hospital networks and remote applications in the cloud.  You will be an active participant in the corporate cybersecurity working group to share best practices, software tools, vendor selection, and other cybersecurity related activities.  The Software Engineer will also support multiple product development and product sustaining teams in security related product requirements, design specifications, risk analysis, and verification, as well as develop work instructions for the maintenance and verification of security for product software.

Required Experience

Bachelor in Computer Engineering, Computer Science, Software Engineering, Electrical Engineering or equivariant

•   2+ years’ experience of Embedded Linux, familiar with Yocto

•   2+ years’ experience of software development in C/C++

•   Good knowledge of CANOpen, I2C, SPI etc.

•   Previously work for Medical device development or safety regulated industry

Nice to have Experience

•   Native Embedded GUI development, such as Crank

•   Familiar with network protocols, such as MQTT

•   Experience of using LDRA for code static analysis and unit testing

•   Experience performing risk assessments desirable

Duties

Collaborates with product development teams in the development of a product cybersecurity plans per STERIS work instructions

•     Supports product development teams in creation of product cybersecurity threat model based upon software system design

•     Leads product development teams in creation of cybersecurity vulnerability assessments to calculate CVSS scores and specify risk controls

•     Supports teams in creation of documentation of cybersecurity risk management file

•     Keeps abreast of state of the art cybersecurity practices and latest standards and verification techniques

•     Maintains regular, periodic vigilance of latest vulnerabilities in third party software and works with Regulatory and Quality teams to action to patch or develop work arounds for new vulnerabilities posing unacceptable risk

Duties - cont'd

•     Performs regular, periodic product security testing against STIGs for products sold into DOD medical centers

•     Performs vulnerability scans on all device software prior to production release

•     Patches fielded product software and performs or oversees verification of patched software (static/dynamic analysis, regression testing, vulnerability scans, etc.)

•     Assists product development teams in penetration and fuzz testing of new products containing software

•     Participates in design and code reviews and/or inspections to ensure proper implementation of security control measures defensive coding practices.

•               Maintains MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and/or white papers that describe product security characteristics and processes used to ensure a secure product.

Education Degree