Cybersecurity Engineer II

About The Position

Requirements

• Bachelor’s degree in Computer Engineering, Software Engineering, or Cybersecurity required. (A degree in another engineering discipline may be acceptable with proven cybersecurity education and/or training and demonstrated experience in software security.)
• Minimum 3 years of direct experience in the field of cybersecurity in software product development.
• Minimum of 1 year experience conducting cybersecurity risk assessments, vulnerability assessments, and security testing.
• Proficiency in programming and scripting languages such as Python, C/C++, Java, Ruby/Rails, and Bash within a Linux environment.
• Experience in analyzing penetration test results and recommending corrective actions.
• Experience working in a regulated industry. (ie: Medical device, automotive, aerospace)

Nice To Haves

• Experience with vulnerability scanning tools and threat intelligence services is a plus.
• Experience using Threat Modeling tools and conducting penetration testing is desirable.
• Software security certification such as SSCP or CISSP is desirable.
• Knowledge of Windows and Linux operating systems and OS configurations is desirable.
• Experience in writing software security requirements is desirable.
• Team player with the ability to interact with multiple product development teams across multiple locations.
• Keen interest in acquiring technical knowledge of leading techniques, standards and practices related to software system security.
• Develop knowledge about various types of cyberattacks and appropriate defenses.
• Strong communication and problem-solving skills.
• Experience in developing applications/scripts for multiple operating systems.
• Knowledge of Internet and Things (IoT) and related solutions.

Responsibilities

• Coordinates with the product development, implementation and CPE teams in the specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux, Windows, or embedded operating systems.
• Identify potential software security vulnerabilities in software bill of material (SBOM), security testing, and threat modeling and collaborate with product teams for assessment, remediation and planning.
• Execute and evaluate product security risk assessments, requirements analysis, and test methods.
• Execute and evaluate and product security testing including test planning, cases, and procedure development.
• Participates in design and code reviews to identify security-related issues and recommends design changes as appropriate.
• Coordinates with development teams in penetration and fuzz testing and third-party attestations of cyber devices.
• Assist in developing customer facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and medical device security labelling.
• Performs code assessments for implemented security controls/methods for software embedded in STERIS products and other software applications for the assigned product(s) or project(s).
• Develop new techniques and methods to enhance internal security testing practices and improve overall device security. Participate in improvement projects related to Cybersecurity technology, tools, and practices.
• Respond to Cybersecurity Questionnaires from STERIS Customers. Create and update FAQs, White Paper/Knowledge Articles based on commonly asked questions by Customers.

Benefits

• Market Competitive Pay
• Extensive Paid Time Off and (9) added Holidays
• Excellent Healthcare, Dental and Vision Benefits
• Long/Short Term Disability Coverage
• 401(k) with a company match
• Maternity and Paternity Leave
• Additional add-on benefits/discounts for programs such as Pet Insurance
• Tuition Reimbursement and continued education programs
• Excellent opportunities for advancement in a stable long-term career
• Eligible for bonus participation