Were on the lookout for hard-working individual who is ready to make an impact in medical equipment industry. If youre eager to be part of a dynamic environment that fosters growth and collaboration, look no further. Explore our latest job opening for Product Security Engineer role and embark on a journey where your talents are valued and your potential is limitless. In collaboration with Global IT, R&D and Compliance Teams with the ultimate goal of ensuring Smith + Nephew products and their data is secure and resilient to cybersecurity threats. We encourage you to apply for this exciting opportunity. Lets craft the future together!
What will you be doing
- Your will contribute, Technical Cybersecurity Architecture and Engineering Services.
- Define and ensure implementation of cybersecurity requirements and controls in support of multiple Smith + Nephew technologies, capital devices, digital accessories, connected infrastructures and software applications.
- Product Security Testing and Assessment - Be responsible for the execution and integration of cybersecurity testing, assessment activities throughout the development lifecycle - which includes but is not limited to Static Application Security Testing, Dynamic App. Security Testing, and Software Composition Analysis.
- Vulnerability response support - Provide technical expertise in evaluating and assessing potential vulnerabilities, support vulnerability response efforts, and efficiently communicate risks and mitigation strategies to the business.
- Secure-Software Development Life Cycle - Help develop and mature Global Product Security Strategy and (S-SDLC) to ensure robust cyber security controls are present and effective in our products from product conceptualization through commercial launch and ultimately product/product family decommissioning.
- Threat model - Provide technical leadership and proficiency in crafting comprehensive threat models using industry-standard methods in close collaboration with the product teams and the product security engineers.
What will you need to be successful
- Education: Bachelors or equivalent experience or Master s degree in Computer Science or Information Technology.
- Licenses/Certifications : Current CISM, CISSP, CRISC, or similar certification preferred.
- Experience: Minimum 3 + years of experience in hands-on cybersecurity experience.
- Good understanding of mitigating security controls. Vulnerability Management, Penetration Testing, Code Security.
- Good to have - FDA and other medical device regulators experience. Knowledge of cyber security standard frameworks such as HIPAA, FDA, ISO 27001/2, NIST CSF, and OWASP.
- Understanding of network infrastructure, including firewalls, web proxy and/or email architecture- particularly as they apply in a mitigating control functionality.
- Experience with different cloud computing platforms and the cloud security framework. Ability to craft, recommend, plan, guide, and support implementation of innovative security solutions.
- Understand the current Medical Device market, including what customers want to see with regards to product security
- Understanding of back-channels typically used by threat actors for malicious activity.
- Understanding of different connectivity protocols and any risks involved with them.
- Superb communication, collaboration, and relationship building and collaborator engagement skills.
