Senior Cybersecurity Engineer

Position Summary

The Senior Cybersecurity Engineer  is a cybersecurity specialist working within the STERIS R&D controls department. The responsibilities include analyzing software and hardware for potential vulnerabilities, creating work instructions for secure software maintenance, collaborating with product development teams for secure designs, conducting vulnerability assessments, and participating in incident response efforts. You will focus on creating and maintaining the security standards that contribute to the safety and integrity of critical healthcare technology.

Duties

• Receive and analyze CVEs from open‑source sources, determine applicability to STERIS products, and collaborate with product teams to gather information needed for CVE impact and applicability assessments
• Develop and track software bill of materials (SBOM), track vulnerabilities in SBOM, and work with product teams to remediate the vulnerabilities
• Identify potential software security vulnerabilities and collaborate with product teams for remediation and planning
• Lead cybersecurity incident response activities, supporting investigation and remediation efforts.
• Lead product security risk assessments, requirements analysis, and test methods in alignment with internal procedures and regulatory requirements.
• Evaluate and execute product security testing including test planning, cases, and procedure development
• Perform vulnerability assessment and network scanning activities
• Perform internal security testing activities including fuzz testing to identify potential product vulnerabilities
• Reproduce penetration testing findings to help product teams understand security issues and develop effective remediations
• Implement proposed security controls/methods to software embedded in STERIS products and other software applications for the assigned product(s) or project(s)
• Research new techniques and methods to enhance internal security testing practices and improve overall device security
• Initiate improvement projects related to Cybersecurity technology, tools, and practices
• Work on cybersecurity assessments and documentation required for regulatory compliance such as FDA 510(k) submissions, including but not limited to security risk management, threat modeling, security architecture views, vulnerability management, and regulatory compliance deliverables
• Respond to Cybersecurity Questionnaires from STERIS Customers
• Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers
• Perform other related and evolving job-related duties as assigned

Education

Bachelor’s degree in computer engineering, Software Engineering, or Cybersecurity required. 

Required Experience

• Bachelor’s degree in computer engineering, Software Engineering, or Cybersecurity required. (A degree in another engineering  discipline may be acceptable with proven cybersecurity education and/or training and demonstrated experience in software security.)
• At least 5 years of direct experience in the field of embedded product cybersecurity, conducting device security risk assessments and security testing
• At least 3 years’ experience in device security vulnerability assessment and software development lifecycle
• At least 2 years’ experience in linux or windows system level security analysis

• Knowledge in programming languages like C++/C/C# etc.
• Experience in analyzing penetration test results and recommending corrective actions
• Atleast 1 year Experience with security testing for embedded products and utilizing various tools for network testing

• Experience in writing software security requirements

• Experience with vulnerability scanning tools and threat intelligence services.

Preferred Experience

• Experience using Threat Modeling tools and conducting penetration testing is desirable
• Software security certification such as SSCP or CISSP is desirable
• Knowledge of Windows and Linux operating systems and OS configurations
• Experience with IEC62304, UL 29000 and FDA cybersecurity regulation is desirable 

Skills

• Team player with the ability to interact with multiple product development teams across multiple locations
• Keen interest in acquiring technical knowledge of leading techniques, standards and practices related to software system security
• Develop knowledge about various types of cyberattacks and appropriate defenses
• Strong communication and problem-solving skills
• Experience in developing applications/scripts for multiple operating systems
• Knowledge of Internet and Things (IoT) and related solutions