Title:  Advanced Product Security Engineer

Req ID:  14956
Category:  Engineering
City:  Point Richmond
State:  CA
Postal Code:  94801

At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary


JOIN us in our efforts as an Advanced Product Security Engineer

This position is part of the Operating Room Integration (ORI) Software Team and will work with cross-functional teams to help ensure that our medical devices and healthcare IT applications, services, websites and mobile applications are designed, developed and implemented to the highest security standards required for the products. You will apply your subject matter expertise in developing security-related product requirements and design specifications. You will analyze the security of our products, applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios. You will recommend security and software solutions for future product development. You will help foster awareness in our department and cross-functional partners of security-related concerns in our products and will help create procedures and training plans to continuously build competency of staff. A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project work, software development and providing level 3 (L3) escalation support.


  1. Coordinates with the product development and implementation teams in the specification, development, verification and deployment of security measures in both new and currently marketed products
    1. Work as a collaborative member within engineering teams and other functions such as Quality, Regulatory, Marketing, and Corporate IT, while also establishing your subject matter expertise in product security.
    2. Shares responsibility for ensuring secure architecture designs.
    3. Determines required tasks and completes on time with minimal supervision.  Identifies problems and formulates solutions to complex and ambiguous product and/or network related security problems. 
    4. Participates in design and code reviews to identify security-related issues and recommend design changes as appropriate.
    5. Proposes solutions and defines technical direction for product security development efforts.
    6. Owns the development and execution of security plans and product security specifications.
    7. Participates in product and cyber security risk assessments to ensure appropriate control measures are implemented in the product to mitigate security risks.
    8. Responsible for working with Corporate IT and 3rd party testing agencies to ensure product adherence to latest industry security standards and perform security vulnerability and penetration testing on our products
    9. Responsible for product security documents for customers such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and/or technical guides that describe product security characteristics and processes used to ensure a secure product.
    10. Provides L3 support on product security issues when escalated to R&D.


  1. Develops awareness of security concerns and shares best engineering practices
    1. Supports project teams in implementing and verifying security measures by providing guidance, helping to establish security measures and applying appropriate tools.
    2. Collaborates with other business units and corporate IT in the development and implementation of security-related practices and procedures while sharing best practices and helping to drive security-related initiatives.
    3. Champions continued improvement of security-related processes and tools.  
    4. Assists with creating department procedures and work instructions for implementing appropriate design techniques for the development of medical device systems.
    5. Provides training on good design techniques to improve product security to internal teams. 

Duties - cont'd

  1. Continuously expands knowledge and expertise in cybersecurity
    1. Assists with researching and evaluating best practices in designing secured systems, attending conferences and classes.
    2. Identifies and evaluates new technologies and tools related to security.
    3. Proposes solutions and helps define future technical direction for product security.
    4. Serves as a contact point for security solution vendors.

Education Degree

Required Experience

  1. BS Degree in Computer Science, Information Assurance, Computer Networking and other related fields
  2. Minimum 5 years of working knowledge and understanding of security engineering, system and network security, authentication, network and web related protocols, cryptography, or application security, including multiple combinations of the following:
    1. Software development processes and secure coding
    2. Developing security procedures and product security specifications
    3. Secure web and server-side application development
    4. SOAP and REST web services
    5. Identity management, authentication, cryptography and encryption, including data encryption in transfer and at rest
    6. System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates
    7. Vulnerability/penetration testing
    8. Mobile applications and security
    9. TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols
  3. Minimum 5 years of experience programming in 3 or more of the following: Java, JavaScript, C#, C++, etc.
  4. Experience developing applications in Windows Server 2012 and above; multiple operating system experience preferred
  5. Experience with web servers such as Microsoft IIS and Apache, as well as developing Web APIs
  6. Experience with database products such as SQL Server, MySQL, etc…
  7. Experience with secure design, configuration and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network
  8. Knowledge of various types of cyber-attacks and the appropriate defenses
  9. Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies
  10. Strong communication, problem-solving and troubleshooting skills
  11. Awareness of HIPAA/PCI compliance



STERIS is a $2B+, publicly traded (NYSE: STE) organization with approximately 12,000 associates worldwide and operates in more than 100 countries.

If you need assistance completing the application process, please call 1 (440) 392.7047. This contact information is for accommodation inquiries only and cannot be used to check application status.

STERIS is an Equal Opportunity Employer.  We are committed to equal employment opportunity and the use of affirmative action programs to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law.  We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity.

The full affirmative action program, absent the data metrics required by § 60-741.44(k), shall be available to all employees and applicants for employment for inspection upon request. The program may be obtained at your location’s HR Office during normal business hours.

Nearest Major Market: San Francisco
Nearest Secondary Market: Oakland
