Manager, Product & Platform Cybersecurity Engineering

Req ID:  53422
Job Category:  Engineering
Location:  Mentor, OH, US, 44060

Workplace Type:  Hybrid

At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary

The Manager, Product & Platform Cybersecurity Engineering leads the strategy, development, and implementation of a unified cybersecurity framework for medical devices, data‑handling systems, and connected services across multiple business units. You will establish product security baselines, determine applicability of NIST SP 800‑53 controls, and oversee a team responsible for control mapping, verification, and evidence generation throughout the software development life cycle. You will operationalize NIST CSF 2.0 and embed NIST SP 800‑218 secure‑by‑design practices into engineering pipelines to elevate product security maturity and improve release quality.

You will partner closely with the Product Regulatory Cybersecurity and Quality/Regulatory teams to ensure compliance with healthcare and medtech premarket and postmarket requirements, including FD&C §524B and industry standards such as IEC 81001‑5‑1 and ISO/IEC 27001:2022. You will serve as both a strategic leader and hands‑on expert—translating cybersecurity risks into backlog priorities, guiding engineering teams through secure design and verification, advising leaders on practical risk remediation and compensating controls, and defining enterprise requirements for secure development infrastructure and product operations.

 

*This position is located onsite in Mentor, Ohio with the opportunity for a hybrid work schedule. 

What You'll Do as a Manager, Product and Platform Cybersecurity Engineering

  • Coordinate with the product development, implementation and CPE teams in the specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux, Windows, or embedded operating systems.
  • Propose solutions and define the technical direction for product security development efforts. Share responsibility for ensuring secure architecture designs.
  • Own the development and execution of security plans and product security specifications for new and legacy products.
  • Lead cybersecurity risk management activities, including threat modeling and vulnerability assessments.
  • Work with the product team to perform vulnerability scans, assessments, and specify risk controls on software prior to release.
  • Participate in design and code reviews to identify security-related issues and recommend design changes as appropriate.
  • Coordinate with development teams in penetration and fuzz testing and third-party attestations of cyber devices.
  • Implement secure code and server configuration practices within products and supporting infrastructure.
  • Be responsible for customer-facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and medical device security labelling.
  • Provide level 3 support on product security issues and questions that are escalated to Engineering.  
  • Facilitate product security incident response and coordinated vulnerability disclosure.
  • Develop awareness of security concerns, share best engineering practices, and create/update procedures to ensure compliance.
  • Continuously expand broader team knowledge and expertise in cybersecurity.

The Experience, Skills and Abilities Needed

Required:

  • Bachelor's degree in Software Engineering, Computer Engineering, Electrical Engineering or related technical degree required.
  • 10+ years of product software development experience.
  • 5+ years new product development cybersecurity experience.
  • 2+ years managing a team in a new product development (NPD) or Cybersecurity capacity.
  • Experience working in a highly regulated industry, e.g., Medical Device, Automotive, Aerospace, etc.
  • Experience in the following:
    • Working knowledge and understanding of security engineering, system and network security, authentication, network and web-related protocols, cryptography, or application security
    • Software development processes and secure coding
    • Developing security procedures and product security specifications
    • Vulnerability/penetration testing
    • TCP/IP, UDP, HTTP, HTTPS, routing protocols
    • Experience with secure design, configuration, and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network.
    • Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies.

 

Preferred:

  • Medical device industry experience.
  • Secure web and server-side application development; REST or GraphQL web services.
  • Identity management, authentication, DDKG, cryptography, and encryption, including data encryption in transfer and at rest.
  • Experience with system administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates.
  • Hardening Linux systems to DoD RMF standards.

What STERIS Offers

We value our employees and are committed to providing a comprehensive benefits package that supports your health, well-being and financial future.


Here is a brief overview of what we offer: 


Market Competitive Pay
Extensive Paid Time Off and (9) added Holidays
Excellent Healthcare, Dental and Vision Benefits
Long/Short Term Disability Coverage
401(k) with a company match
Maternity and Paternity Leave
Additional add-on benefits/discounts for programs such as Pet Insurance
Tuition Reimbursement and continued education programs
Excellent opportunities for advancement in a stable long-term career


Pay range for this opportunity is $143,750 - $158,125.00. This position is eligible for bonus participation.

 

Minimum pay rates offered will comply with county/city minimums, if higher than range listed.  Pay rates are based on a number of factors, including but not limited to local labor market costs, years of relevant experience, education, professional certifications, foreign language fluency, etc.

 

STERIS offers a comprehensive and competitive benefits portfolio.  Click here for a complete list of benefits: STERIS Benefits

 

Open until position is filled.

 

STERIS is a leading global provider of products and services that support patient care with an emphasis on infection prevention. WE HELP OUR CUSTOMERS CREATE A HEALTHIER AND SAFER WORLD by providing innovative healthcare and life sciences products and services around the globe. For more information, visit www.steris.com.

 

If you need assistance completing the application process, please call 1 (440) 392.7047. This contact information is for accommodation inquiries only and cannot be used to check application status.

 

STERIS is an Equal Opportunity Employer. We are committed to equal employment opportunity to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law. We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity.

 

The full affirmative action program, absent the data metrics required by § 60-741.44(k), shall be available to all employees and applicants for employment for inspection upon request. The program may be obtained at your location’s HR Office during normal business hours.


