Cybersecurity Engineer II

Position Summary

As a Cybersecurity Engineer II you will be a cybersecurity specialist working within STERIS R&D. You will apply cybersecurity standards and safe development practices to new and existing products and platforms in close collaboration with product development teams. In this role you will be analyzing software and hardware for potential vulnerabilities, executing secure software development and maintenance, collaborating with product development teams for secure designs, conducting vulnerability assessments, identifying mitigating and compensating controls, and participating in incident response efforts. You will focus on creating and maintaining the security standards that contribute to the safety and integrity of critical healthcare technology. **This is not an IT/Network Cybersecurity position. This role focuses on cybersecurity within the software application development life cycle for commercial software. 

* This role is located onsite in Mentor, Ohio with the opportunity for a hybrid work schedule. 

What You'll Do as a Cybersecurity Engineer II

• Coordinates with the product development, implementation and CPE teams in the specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux, Windows, or embedded operating systems.


• Identify potential software security vulnerabilities in software bill of material (SBOM), security testing, and threat modeling and collaborate with product teams for assessment, remediation and planning.


• Execute and evaluate product security risk assessments, requirements analysis, and test methods.


• Execute and evaluate and product security testing including test planning, cases, and procedure development.


• Participates in design and code reviews to identify security-related issues and recommends design changes as appropriate.


• Coordinates with development teams in penetration and fuzz testing and third-party attestations of cyber devices.


• Assist in developing customer facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and medical device security labelling.


• Performs code assessments for implemented security controls/methods for software embedded in STERIS products and other software applications for the assigned product(s) or project(s).


• Develop new techniques and methods to enhance internal security testing practices and improve overall device security. Participate in improvement projects related to Cybersecurity technology, tools, and practices.


• Respond to Cybersecurity Questionnaires from STERIS Customers. Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers.

The Experience, Skills and Abilities Needed

Required: 

• Bachelor’s degree in Computer Engineering, Software Engineering, or Cybersecurity required. (A degree in another engineering  discipline may be acceptable with proven cybersecurity education and/or training and demonstrated experience in software security.)


• Minimum 3 years of direct experience in the field of cybersecurity in software product development.


• Minimum of 1 year experience conducting cybersecurity risk assessments, vulnerability assessments, and security testing.


• Proficiency in programming and scripting languages such as Python, C/C++, Java, Ruby/Rails, and Bash within a Linux environment.


• Experience in analyzing penetration test results and recommending corrective actions.


• Experience working in a regulated industry. (ie: Medical device, automotive, aerospace)

Preferred: 

• Experience with vulnerability scanning tools and threat intelligence services is a plus.


• Experience using Threat Modeling tools and conducting penetration testing is desirable.


• Software security certification such as SSCP or CISSP is desirable.


• Knowledge of Windows and Linux operating systems and OS configurations is desirable.


• Experience in writing software security requirements is desirable.

Other: 

• Team player with the ability to interact with multiple product development teams across multiple locations.


• Keen interest in acquiring technical knowledge of leading techniques, standards and practices related to software system security.


• Develop knowledge about various types of cyberattacks and appropriate defenses.


• Strong communication and problem-solving skills.


• Experience in developing applications/scripts for multiple operating systems.


• Knowledge of Internet and Things (IoT) and related solutions.

What STERIS Offers

We value our employees and are committed to providing a comprehensive benefits package that supports your health, well-being and financial future.

Here is a brief overview of what we offer: 

Market Competitive Pay
Extensive Paid Time Off and (9) added Holidays
Excellent Healthcare, Dental and Vision Benefits
Long/Short Term Disability Coverage
401(k) with a company match
Maternity and Paternity Leave
Additional add-on benefits/discounts for programs such as Pet Insurance
Tuition Reimbursement and continued education programs
Excellent opportunities for advancement in a stable long-term career

#LI-KK1