Cybersecurity Engineer II

Position Summary

We are looking for a candidate that will join our Cybersecurity team in Pomezia (Rome). The Cybersecurity Engineer II is a specialist working within the STERIS R&D controls department. The responsibilities include: analyzing software and hardware for potential vulnerabilities, creating work instructions for secure software maintenance, collaborating with product development teams for secure designs, conducting vulnerability assessments, and participating in incident response efforts. He/she will focus on creating and maintaining the security standards that contribute to the safety and integrity of critical healthcare technology.

Duties

• Receive and analyze CVEs from open‑source sources, determine applicability to STERIS products, and collaborate with product teams to gather information needed for CVE impact and applicability assessments.
• Develop and track software bill of materials (SBOM), track vulnerabilities in SBOM, and work with product teams to remediate the vulnerabilities.
• Identify potential software security vulnerabilities and collaborate with product teams for remediation and planning.
• Assist and support product security risk assessments, requirements analysis, and test methods.
• Evaluate and execute product security testing including test planning, cases, and procedure development.
• Perform vulnerability assessment and network scanning activities.
• Perform internal fuzz testing to identify potential product vulnerabilities.
• Reproduce penetration testing findings to help product teams understand security issues and develop effective remediations.
• Implement proposed security controls/methods to software embedded in STERIS products and other software applications for the assigned product(s) or project(s).
• Research new techniques and methods to enhance internal security testing practices and improve overall device security.

Duties - cont'd

• Participate in improvement projects related to Cybersecurity technology, tools, and practices.
• Work on cybersecurity assessments and documentation required for FDA 510(k) submissions, including but not limited to security risk management, threat. modeling, security architecture views, vulnerability management, and regulatory compliance deliverables.
• Respond to Cybersecurity Questionnaires from STERIS Customers.
• Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers.
• Perform other related and evolving job-related duties as assigned.

Education Degree

Required Experience & Competencies

• Bachelor’s degree in computer engineering, , Software Engineering, or Cybersecurity required.
• At least 3 years of direct experience in the field of cybersecurity, conducting cybersecurity risk assessments and security testing.
• At least 1 years’ experience in cybersecurity vulnerability assessment and software development lifecycle.
• Knowledge in programming languages like Python, C++/C/C#, Java etc.
• Experience in analyzing penetration test results and recommending corrective actions.
• English at level B2 minimun

Preferred Experience

• Experience with vulnerability scanning tools and threat intelligence services is a plus.
• Experience using Threat Modeling tools and conducting penetration testing is desirable
• Software security certification such as SSCP or CISSP is desirable
• Knowledge of Windows and Linux operating systems and OS configurations is desirable

• Experience in writing software security requirements is desirable

Skills

• Team player with the ability to interact with multiple product development teams across multiple locations
• Keen interest in acquiring technical knowledge of leading techniques, standards and practices related to software system security
• Develop knowledge about various types of cyberattacks and appropriate defenses
• Strong communication and problem-solving skills
• Experience in developing applications/scripts for multiple operating systems