Position Summary
At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe. The Cybersecurity Engineer II will be a specialist working within the STERIS R&D controls department. Responsibilities include analyzing software and hardware for potential vulnerabilities, creating work instructions for secure software maintenance, collaborating with product development teams on secure designs, conducting vulnerability assessments, and participating in incident response efforts. The candidate will focus on creating and maintaining security standards that support the safety and integrity of critical healthcare technology.
Duties
* Receive and analyze CVEs from open‑source sources, determine applicability to STERIS products, and collaborate with product teams to gather information needed for CVE impact and applicability assessments.
* Develop and track software bill of materials (SBOM), track vulnerabilities in SBOM, and work with product teams to remediate the vulnerabilities.
* Identify potential software security vulnerabilities and collaborate with product teams for remediation and planning.
* Assist and support product security risk assessments, requirements analysis, and test methods.
* Evaluate and execute product security testing including test planning, cases, and procedure development.
* Perform vulnerability assessment and network scanning activities.
* Perform internal fuzz testing to identify potential product vulnerabilities.
* Reproduce penetration testing findings to help product teams understand security issues and develop effective remediations.
* Implement proposed security controls/methods to software embedded in STERIS products and other software applications for the assigned product(s) or project(s).
* Research new techniques and methods to enhance internal security testing practices and improve overall device security.
Duties - cont'd
* Participate in improvement projects related to Cybersecurity technology, tools, and practices.
* Work on cybersecurity assessments and documentation required for FDA 510(k) submissions, including security risk management, threat modeling, security architecture views, vulnerability management, and regulatory compliance deliverables.
* Respond to Cybersecurity Questionnaires from STERIS Customers.
* Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers.
* Perform other related and evolving job‑related duties as assigned.
Education
* Bachelor’s Degree in Computer Science.
Required Experience & Competencies
* Bachelor’s degree in computer engineering, software engineering, or cybersecurity required.
* At least 3 years of direct experience in the field of cybersecurity, conducting cybersecurity risk assessments and security testing.
* At least 1 year’s experience in cybersecurity vulnerability assessment and software development lifecycle.
* Knowledge in programming languages such as Python, C++, C#, Java, etc.
* Experience in analyzing penetration test results and recommending corrective actions.
* English at level B2 minimum.
Preferred Experience
* Experience with vulnerability scanning tools and threat intelligence services is a plus.
* Experience using threat modeling tools and conducting penetration testing is desirable.
* Software security certification such as SSCP or CISSP is desirable.
* Knowledge of Windows and Linux operating systems and OS configurations is desirable.
* Experience in writing software security requirements is desirable.
Skills
* Team player with the ability to interact with multiple product development teams across multiple locations.
* Keen interest in acquiring technical knowledge of leading techniques, standards, and practices related to software system security.
* Develop knowledge about various types of cyberattacks and appropriate defenses.
* Strong communication and problem‑solving skills.
* Experience in developing applications/scripts for multiple operating systems.
STERIS strives to be an Equal Opportunity Employer.
#J-18808-Ljbffr