Job Title:  Product Security Engineer (Remote)

Position Summary

The Product Security Engineer will be responsible for the Digital Products Security Risk and Vulnerability Management Program that balances risk with the evolving business needs of the organization/products to drive Cybersecurity Assurance for our Customers and business productivity. The individual will partner closely with Product Development Teams, Customer IT and Business stakeholders to ensure Cybersecurity risks are identified and proper controls are in place including capabilities to protect sensitive information.

This is a fully remote position, candidate can be based anywhere in the Continental United States.

Duties

1. Design and implement required security controls/methods for software applications, services and systems in the Digital Solutions department
2. Develop and track cybersecurity bill of materials (CBOM), track vulnerabilities in CBOM and work with product teams to remediate vulnerabilities
3. Own/conduct product security risk assessments with different stakeholders through the product development and post market lifecycle
4. Execute product security testing including test planning, test cases, and procedure development with required tools
5. Perform/setup regular vulnerability assessment and software scanning (Static/Dynamic)
6. Identify Cybersecurity vulnerabilities and collaborate with product teams for remediation and planning
7. Contribute to technical feasibility studies, proof of concepts, and technology evaluations as needed for new product security capabilities
8. Participate in improvement projects related to Cybersecurity technology and tools, and practices
9. Respond to Cybersecurity Questionnaires from STERIS Customers
10. Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers
11. Support API, cloud security designs, and solutions
12. Perform other related and evolving job-related duties as assigned

Required Experience

1. Bachelor’s Degree in Computer Science, Security/Homeland Security Studies, Cybersecurity, Risk Management, Engineering or Information Technology.
2. 5+ years of experience in Cybersecurity with Web/Mobile Applications or Embedded software and systems conducting Cybersecurity Risk Assessments and verifying remediations through the Product Development Lifecycle including experience with Security Testing tools
3. Basic knowledge in cybersecurity, software engineering, product development
4. In lieu of degree, 13 years of experience working with Digital/Embedded Product Security
5. 1 year of Supervisor experience 

Preferred Experience

1. Experience with vulnerability scanning tools and threat intelligence services is a plus.
2. Experience using Threat Modeling tools and Penetration Testing
3. CISSP Certification
4. Knowledge in programming languages like Java, Python, C++/C/C#, PHP, etc.

What we offer

The opportunity to join a company that will invest in you for the long-term. STERIS couldn’t be where it is today without our incredible people. That’s why we share in our success together by rewarding you for your hard work. Hiring people who are in it for the long run with STERIS is our ultimate goal. We do this by providing competitive salaries, healthcare benefits, tuition assistance, paid-time off, holidays, matching 401(k), annual merit, and incentive plans.  Join us and help write our next chapter.     #LI-SA2   #ZRSA-1

attack vectors, STRIDE tool, Cybersecurity Software Bill of Materials (SBOM), OWASP/CWE SANS Top 25

penetration testing, Assess vulnerabilities in proposed SBOM, Authentication (PKI, SSO/SAML etc.,) Authorization mechanisms