Advanced Cybersecurity Engineer

At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary

As the Advanced Cybersecurity Engineer, you will be an integral member of the Operating Room Integration (ORI) Software Team and will work with cross-functional teams to help ensure that our medical devices and healthcare applications, services, websites and mobile applications are designed, developed and implemented to the highest security standards required for the products. You will apply your subject matter expertise in developing security related product requirements and design specifications. You will analyze the security of our products, applications and services, discovering and addressing security issues and quickly reacting to new threat scenarios. You will recommend security and software solutions for future product development. You will help foster awareness in our department and cross functional partners of security-related concerns in our products and will help create procedures and training plans to continuously build competency of staff. A successful candidate will need a combination of troubleshooting, technical, and communication skills, as well as the ability to handle a mix of disparate tasks which may include project work, software development and escalation support.

• This position can be located in Mentor, Ohio or Hauppauge, NY and is eligible for a hybrid work schedule.
  
  

What You'll Do As An Advanced Cybersecurity Engineer

• Ensures compliance with relevant regulatory guidance on cybersecurity and works to implement industry best practices.
• Establishes and maintains local work instructions related to cybersecurity. Participates in the development and maintenance of the corporate cybersecurity program.
• Leads the response to cybersecurity incidents.
• Ensures cybersecurity documentation is maintained as per internal procedures and regulatory requirements.
• Leads or facilitates product and cyber security risk assessments to ensure appropriate and traceable control measures implemented in the product to mitigate security risks.
• Responsible for working with, Regulatory, Corporate IT and 3rd party testing agencies to ensure product adherence to latest industry security standards and perform security vulnerability and penetration testing on our products
• Responsible for product security documents for customers such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and/or technical guides that describe product security characteristics and processes used to ensure a secure product.
• Coordinates with the product development and implementation teams in the specification, development, verification and deployment of security measures in both new and currently marketed products
• Work as a collaborative member within engineering teams and other functions such as Quality, Regulatory, Marketing, and Corporate IT, while also establishing your subject matter expertise in product security.
• Shares responsibility for ensuring secure architecture designs.
• Determines required tasks and completes on time with minimal supervision. Identifies problems and formulates solutions to complex and ambiguous product and/or network related security problems.
• Participates in design and code reviews to identify security-related issues and recommend design changes as appropriate.
• Proposes solutions and defines technical direction for product security development efforts.
• Owns the development and execution of security plans, threat modeling and product security specifications.
• Provides support on product security issues when escalated to R&D.
• Develops awareness of security concerns and shares best engineering practices
• Supports project teams in implementing and verifying security measures by providing guidance, helping to establish security measures and applying appropriate tools.
• Collaborates with other business units and corporate IT in the development and implementation of security-related practices and procedures while sharing best practices and helping to drive security related initiatives.
• Champions continued improvement of security-related processes and tools.
• Assists with creating department procedures and work instructions for implementing appropriate design techniques for the development of medical device systems.
• Provides training on good design techniques to improve product security to internal teams.
• Continuously expands knowledge and expertise in cybersecurity
• Assists with researching and evaluating best practices in designing secured systems, attending conferences and classes.
• Proposes solutions and helps define future technical direction for product security.
• Serves as a contact point for security solution vendors.
• Evaluates the security regulations for new markets.
  
  

The Experience, Skills And Abilities Needed

Required:

Bachelor's Degree in Computer Science, Information Assurance, Computer Networking or other related technical fields

Minimum 8 years of working knowledge and understanding of security engineering, system and network security, authentication, network and web related protocols, cryptography, or application security, including multiple combinations of the following: Vulnerability assessment and risk analysis Software development processes and secure coding Threat modeling for products Developing security procedures and product security specifications Secure web and server-side application development SOAP and REST web services Identity management, authentication, cryptography and encryption, including data encryption in transfer and at rest System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates Vulnerability/penetration testing Mobile applications and security

TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols

Cybersecurity experience within software new product development where multiple software products are being developed for external customers

Minimum 5 years of experience programming in 3 or more of the following: Java, JavaScript, C#, C , Ruby, etc.

Experience deploying, securing, and managing applications on Linux-based operating systems (e.g., Red Hat, Rocky Linux) within Azure environments; familiarity with multiple OS platforms preferred.

Experience managing and securing Linux-based web servers (Apache, NGINX) on Linux environments, including configuration, hardening, and troubleshooting. Familiarity with developing and securing RESTful APIs is a plus.

Experience with database products such as SQL Server, MySQL, etc…

Experience with secure design, configuration and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network

Knowledge of various types of cyber-attacks and the appropriate defenses

Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies

Documentation experience in a highly regulated environment

Experience in a highly regulated environment such as defense or aerospace

Preferred:

• Experience within the medical device industry
• Experience with cloud computing platforms and services
• Certificates and training in cyber security and software security
• Experience with Windchill PLM
• Awareness of DOD RMF
• Awareness of GDPRKnowledge of the Internet of Things (IoT) and associated solutions like remote monitoring solutions
  
  

Other:

• Strong communication both oral and written, problem-solving and trouble shooting skills
• Awareness of HIPAA/PCI compliance
  
  

What STERIS Offers

We value our employees and are committed to providing a comprehensive benefits package that supports your health, well-being and financial future.

Here is a brief overview of what we offer:

Market Competitive Pay

Extensive Paid Time Off and (9) added Holidays

Excellent Healthcare, Dental and Vision Benefits

Long/Short Term Disability Coverage

401(k) with a company match

Maternity and Paternity Leave

Additional Add-on Benefits/discounts For Programs Such As Pet Insurance

Tuition Reimbursement and continued education programs

Excellent opportunities for advancement in a stable long-term career

Pay range for this opportunity is $150,000 - $160,00. This position is eligible for bonus participation.

Minimum pay rates offered will comply with county/city minimums, if higher than range listed. Pay rates are based on a number of factors, including but not limited to local labor market costs, years of relevant experience, education, professional certifications, foreign language fluency, etc.

STERIS offers a comprehensive and competitive benefits portfolio. Click here for a complete list of benefits: STERIS Benefits

Open until position is filled.

STERIS is an Equal Opportunity Employer. We are committed to equal employment opportunity to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law. We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity.