Job Title:  Product Security Engineer (Remote)

Req ID:  34776
Job Category:  Service/Technical Services

Huntsville, AL, US, 35801


At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary

The Product Security Engineer will be responsible for the Digital Products Security Risk and Vulnerability Management Program that balances risk with the evolving business needs of the organization/products to drive Cybersecurity Assurance for our Customers and business productivity. The individual will partner closely with Product Development Teams, Customer IT and Business stakeholders to ensure Cybersecurity risks are identified and proper controls are in place including capabilities to protect sensitive information.


This is a fully remote position, candidate can be based anywhere in the Continental United States.


  1. Design and implement required security controls/methods for software applications, services and systems in the Digital Solutions department
  2. Develop and track cybersecurity bill of materials (CBOM), track vulnerabilities in CBOM and work with product teams to remediate vulnerabilities
  3. Own/conduct product security risk assessments with different stakeholders through the product development and post market lifecycle
  4. Execute product security testing including test planning, test cases, and procedure development with required tools
  5. Perform/setup regular vulnerability assessment and software scanning (Static/Dynamic)
  6. Identify Cybersecurity vulnerabilities and collaborate with product teams for remediation and planning
  7. Contribute to technical feasibility studies, proof of concepts, and technology evaluations as needed for new product security capabilities
  8. Participate in improvement projects related to Cybersecurity technology and tools, and practices
  9. Respond to Cybersecurity Questionnaires from STERIS Customers
  10. Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers
  11. Support API, cloud security designs, and solutions
  12. Perform other related and evolving job-related duties as assigned

Required Experience

  1. Bachelor’s Degree in Computer Science, Security/Homeland Security Studies, Cybersecurity, Risk Management, Engineering or Information Technology.
  2. 5+ years of experience in Cybersecurity with Web/Mobile Applications or Embedded software and systems conducting Cybersecurity Risk Assessments and verifying remediations through the Product Development Lifecycle including experience with Security Testing tools
  3. Basic knowledge in cybersecurity, software engineering, product development
  4. In lieu of degree, 13 years of experience working with Digital/Embedded Product Security
  5. 1 year of Supervisor experience 

Preferred Experience

  1. Experience with vulnerability scanning tools and threat intelligence services is a plus.
  2. Experience using Threat Modeling tools and Penetration Testing
  3. CISSP Certification
  4. Knowledge in programming languages like Java, Python, C++/C/C#, PHP, etc.

What we offer

The opportunity to join a company that will invest in you for the long-term. STERIS couldn’t be where it is today without our incredible people. That’s why we share in our success together by rewarding you for your hard work. Hiring people who are in it for the long run with STERIS is our ultimate goal. We do this by providing competitive salaries, healthcare benefits, tuition assistance, paid-time off, holidays, matching 401(k), annual merit, and incentive plans.  Join us and help write our next chapter.     #LI-SA2   #ZRSA-1

attack vectors, STRIDE tool, Cybersecurity Software Bill of Materials (SBOM), OWASP/CWE SANS Top 25

penetration testing, Assess vulnerabilities in proposed SBOM, Authentication (PKI, SSO/SAML etc.,) Authorization mechanisms

Pay range for this opportunity is 90K-110K. This position is eligible for 15% company bonus plan.


Minimum pay rates offered will comply with county/city minimums, if higher than range listed.  Pay rates are based on a number of factors, including but not limited to local labor market costs, years of relevant experience, education, professional certifications, foreign language fluency, etc.


Employees (and their families) may enroll in our company-sponsored medical, dental, vision, flexible spending, health savings account, voluntary benefits, supplemental life/AD&D plans and the company’s 401k plan. Employees are covered by an employee assistance program (also available to household members) and long-term disability. Full-Time Employees are also eligible for short-term disability.  Full-time Employees will also receive Paid Time Off (PTO) based on years of service and paid Holidays. Part-time employees working 20 or more hours receive a pro-ration of the full-time PTO allocation and paid Holidays based on their standard hourly work week. Full-Time employees are eligible for four weeks of paid parental leave. Part-time employees also receive paid parental leave, pro-rated based on their standard hourly work week.


STERIS is a leading provider of products and services that meet the needs of growth areas within Healthcare: procedures, devices, vaccines and biologics.  We exist to fulfill our MISSION TO HELP OUR CUSTOMERS CREATE A HEALTHIER AND SAFER WORLD. STERIS is a $3B, publicly traded (NYSE: STE) company with approximately 16,000 associates and Customers in more than 100 countries.


If you need assistance completing the application process, please call 1 (440) 392.7047. This contact information is for accommodation inquiries only and cannot be used to check application status.


STERIS is an Equal Opportunity Employer.  We are committed to equal employment opportunity and the use of affirmative action programs to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law.  We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity.


The full affirmative action program, absent the data metrics required by § 60-741.44(k), shall be available to all employees and applicants for employment for inspection upon request. The program may be obtained at your location’s HR Office during normal business hours.

Req ID:  34776
Job Category:  Service/Technical Services

Huntsville, AL, US, 35801

Nearest Major Market: Huntsville

Job Segment: Test Engineer, Testing, Embedded, Cloud, Product Development, Engineering, Technology, Research