The Smith+Nephew Product Security Engineer, in collaboration with Global IT, RD and Compliance Teams, will provide hands-on cybersecurity architecture and engineering services with the ultimate goal of ensuring Smith + Nephew products and their data are secure and resilient to cybersecurity threats.
What will you be doing
Technical Cybersecurity Architecture and Engineering Services
- Lead the definition and ensure the implementation of cybersecurity requirements and controls in support of multiple Smith + Nephew technologies, capital devices, digital accessories, connected infrastructures and software applications.
Product Security Risk Management and Threat Modelling
- Lead the creation and maintenance of Product Cybersecurity Risk Registers and Threat Models throughout the development lifecycle to identify and mitigate cybersecurity deficiencies as early in the development lifecycle as possible.
Product Security Testing and Assessment
- Lead the execution and integration of cybersecurity testing and assessment activities throughout the development lifecycle to identify and formulate mitigation strategies for cybersecurity deficiencies. Support the identification of technical solutions and ensure the integration of automated security tools and processes to help mitigate security vulnerabilities.
- This includes but is not limited to: Vulnerability Testing, Penetration Testing, Code Analysis, Endpoint Protections, etc.
Incident Response
- Support best practice (ISO 29147/30111) product cyber security incident response (IR) activities.
Secure-Software Development Life Cycle
- Help develop and mature Global Product Security Strategy and Secure-Software Development Life Cycle (S-SDLC) to ensure robust cyber security controls are present and effective in our products from product conceptualization through commercial launch and ultimately product/product family decommissioning. Ensure ongoing awareness and understanding of emerging threats and industry best practices.
Outward Facing
- Provide technical leadership and competency in communications with stakeholders outside of Smith + Nephew. Help to answer questions regarding the security of different products. This includes but is not limited to: Regulators, Customers, Auditors, Industry Groups, Researchers, etc.
Education:
Bachelor's degree in life science, computer science, information systems and/or equivalent formal training or work experience.
Five (5) years of experience in product/device security, application security, or IT information security.
Other reasons why you will love it here
Your future: stock purchase program, referral bonus, subsidy in transport and food, recognition program.
Work/Life Balance: Extra days off, birthday off, voluntary hours.
Your Wellbeing: company doctor, medical insurance, gym, health campaigns, employee assistance program, parental leave.
Flexibility: Hybrid work model (for more professional roles), flexible schedules.
Training: Training program, unlimited learning.
Extra perks: employees' association, and more.