Share this Job

Job Title:  Senior Product Cybersecurity Engineer (Remote)

Req ID:  31646
Job Category:  Engineering

Point Richmond, CA, US, 94804

Description: 

At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary

This position is part of the Operating Room Integration (ORI) Engineering Team and will work with cross-functional teams to help ensure that our medical devices and healthcare IT applications are designed, developed, and implemented to the required security standards.  You will apply your subject matter expertise in developing security-related product requirements and design specifications.  You will analyze the security of our products, applications, and services, discover and address security issues and quickly react to new threat scenarios.  You will recommend security and software solutions for future product development.  You will help foster awareness in our department and cross-functional partners of security-related concerns in our products and will help create procedures and training plans to continuously build the competency of staff.  A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project work, software development, and leading cross-functional teams.

This position can be home based with occasional travel to Point Richmond, CA. If you are located within driving distance of Point Richmond, CA, Mentor, OH or  Hauppauge, NY you will be eligible for a hybrid work schedule. 

 

STERIS Offers

  • Competitive pay 
  • Medical, vision, dental, prescription, and, life insurance
  • FSA and HSA 
  • EAP program
  • 401(k) with a company match
  • Paid vacation time and paid holidays
  • Tuition assistance
  • Opportunities for advancement
  • Flexible to hybrid work schedule 
  • Parent Leave of Absence paid 100% 80 hours plus state pay

Responsibilities

•    Coordinates with the product development and implementation teams in the specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux or Windows operating systems. 
•    Proposes solutions and defines the technical direction for product security development efforts. Shares responsibility for ensuring secure architecture designs.
•    Owns the development and execution of security plans and product security specifications for new products.
•    Performs vulnerability scans on software prior to release.
•    Leads cybersecurity risk management activities, including threat modeling and vulnerability assessments. Works with the product team to specify risk controls based on the calculated CVSS scores.
•    Participates in design and code reviews to identify security-related issues and recommends design changes as appropriate.
•    Assists development teams in penetration and fuzz testing of new products containing software.
•    Implements security code and configuration within products and supporting infrastructure. 
•    Responsible for customer-facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security).
•    Provides level 3 support on product security issues and questions that are escalated to Engineering
•    Develops awareness of security concerns, shares best engineering practices, and creates/updates procedures to ensure compliance.
•    Assists with creating and maintaining facility-level procedures and work instructions for the cybersecurity program.
•    Coordinates the response to cybersecurity incidences.
•    Supports product teams in implementing and verifying security measures by providing guidance, helping to establish security measures, and applying appropriate tools.
•    Champions continued improvement of security-related processes and tools.  Collaborates with other facilities and corporate to facilitate improvements.
•    Provides training on product security to internal teams. 
•    Continuously expands knowledge and expertise in cybersecurity 
•    Remains abreast of the evolving regulatory guidance, legislation, and industry standards applicable to medical device and healthcare IT cybersecurity (e.g., CVSS, ISO, IEC, NIST, AAMI, FDA, HIPAA, GDPR, DoD RMF guidance/standards). 
•    Identifies and evaluates new technologies and tools related to security.
•    Proposes solutions and helps define the future technical direction for product security.
 

Qualifications

  • BS Degree in Computer Science, Information Assurance, Computer Networking, and other related fields. Cybersecurity Bootcamp graduates with a bachelor’s degree in other areas will be considered.
  • Minimum 3 years of  professional experience within Information Technology, Software Development or related field. Must have proven Linux and networking/infrastructure experience. 
  • Minimum 2 years of working knowledge and understanding of security engineering, system and network security, authentication, network, and web-related protocols, cryptography, or application security, including multiple combinations of the following:
    • Software development processes and secure coding
    • Developing security procedures and product security specifications
    • Secure web and server-side application development
    • REST or Graph QL web services
    • Identity management, authentication, DDKG, cryptography, and encryption, including data encryption in transfer and at rest
    • System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates
    • Vulnerability/penetration testing
    • TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols

#LI-KK1

#REMOTE

 

STERIS is a leading provider of products and services that meet the needs of growth areas within Healthcare: procedures, devices, vaccines and biologics.  We exist to fulfill our MISSION TO HELP OUR CUSTOMERS CREATE A HEALTHIER AND SAFER WORLD. STERIS is a $3B, publicly traded (NYSE: STE) company with approximately 16,000 associates and Customers in more than 100 countries.

If you need assistance completing the application process, please call 1 (440) 392.7047. This contact information is for accommodation inquiries only and cannot be used to check application status.

STERIS is an Equal Opportunity Employer.  We are committed to equal employment opportunity and the use of affirmative action programs to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law.  We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity.

The full affirmative action program, absent the data metrics required by § 60-741.44(k), shall be available to all employees and applicants for employment for inspection upon request. The program may be obtained at your location’s HR Office during normal business hours.

Req ID:  31646
Job Category:  Engineering

Point Richmond, CA, US, 94804


Nearest Major Market: San Francisco
Nearest Secondary Market: Oakland

Job Segment: Medical Device, Medical Device Engineer, Facilities, Testing, Computer Science, Healthcare, Engineering, Operations, Technology