STERIS · 1 day ago
Advanced Cybersecurity Engineer
Hauppauge, NY
Full-time
Hybrid
Senior Level, Lead/Staff
8+ years expSTERIS is dedicated to providing innovative healthcare and life science solutions to create a healthier and safer world. The Advanced Cybersecurity Engineer will play a crucial role in ensuring the security of medical devices and healthcare applications, developing security requirements, and addressing security issues while collaborating with cross-functional teams.
BiotechnologyHealth CareMedical Device
Responsibilities
Ensures compliance with relevant regulatory guidance on cybersecurity and works to implement industry best practices
Establishes and maintains local work instructions related to cybersecurity
Participates in the development and maintenance of the corporate cybersecurity program
Leads the response to cybersecurity incidents
Ensures cybersecurity documentation is maintained as per internal procedures and regulatory requirements
Leads or facilitates product and cyber security risk assessments to ensure appropriate and traceable control measures implemented in the product to mitigate security risks
Responsible for working with, Regulatory, Corporate IT and 3rd party testing agencies to ensure product adherence to latest industry security standards and perform security vulnerability and penetration testing on our products
Responsible for product security documents for customers such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and/or technical guides that describe product security characteristics and processes used to ensure a secure product
Coordinates with the product development and implementation teams in the specification, development, verification and deployment of security measures in both new and currently marketed products
Work as a collaborative member within engineering teams and other functions such as Quality, Regulatory, Marketing, and Corporate IT, while also establishing your subject matter expertise in product security
Shares responsibility for ensuring secure architecture designs
Determines required tasks and completes on time with minimal supervision
Identifies problems and formulates solutions to complex and ambiguous product and/or network related security problems
Participates in design and code reviews to identify security-related issues and recommend design changes as appropriate
Proposes solutions and defines technical direction for product security development efforts
Owns the development and execution of security plans, threat modeling and product security specifications
Provides support on product security issues when escalated to R&D
Develops awareness of security concerns and shares best engineering practices
Supports project teams in implementing and verifying security measures by providing guidance, helping to establish security measures and applying appropriate tools
Collaborates with other business units and corporate IT in the development and implementation of security-related practices and procedures while sharing best practices and helping to drive security related initiatives
Champions continued improvement of security-related processes and tools
Assists with creating department procedures and work instructions for implementing appropriate design techniques for the development of medical device systems
Provides training on good design techniques to improve product security to internal teams
Continuously expands knowledge and expertise in cybersecurity
Assists with researching and evaluating best practices in designing secured systems, attending conferences and classes
Proposes solutions and helps define future technical direction for product security
Serves as a contact point for security solution vendors
Evaluates the security regulations for new markets
Qualification
Required
Bachelor's Degree in Computer Science, Information Assurance, Computer Networking or other related technical fields
Minimum 8 years of working knowledge and understanding of security engineering, system and network security, authentication, network and web related protocols, cryptography, or application security, including multiple combinations of the following: Vulnerability assessment and risk analysis Software development processes and secure coding Threat modeling for products Developing security procedures and product security specifications Secure web and server-side application development SOAP and REST web services Identity management, authentication, cryptography and encryption, including data encryption in transfer and at rest System administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates Vulnerability/penetration testing Mobile applications and security - TCP/IP, UDP, IPSEC, HTTP, HTTPS, routing protocols
Cybersecurity experience within software new product development where multiple software products are being developed for external customers
Minimum 5 years of experience programming in 3 or more of the following: Java, JavaScript, C#, C++, Ruby, etc
Experience deploying, securing, and managing applications on Linux-based operating systems (e.g., Red Hat, Rocky Linux) within Azure environments; familiarity with multiple OS platforms preferred
Experience managing and securing Linux-based web servers (Apache, NGINX) on Linux environments, including configuration, hardening, and troubleshooting. Familiarity with developing and securing RESTful APIs is a plus
Experience with database products such as SQL Server, MySQL, etc…
Experience with secure design, configuration and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network
Knowledge of various types of cyber-attacks and the appropriate defenses
Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies
Documentation experience in a highly regulated environment
Experience in a highly regulated environment such as defense or aerospace
Preferred
Experience within the medical device industry
Experience with cloud computing platforms and services
Certificates and training in cyber security and software security
Experience with Windchill PLM
Awareness of DOD RMF
Awareness of GDPR
Knowledge of the Internet of Things (IoT) and associated solutions like remote monitoring solutions
Benefits
Market Competitive Pay
Extensive Paid Time Off and (9) added Holidays
Excellent Healthcare, Dental and Vision Benefits
Long/Short Term Disability Coverage
401(k) with a company match
Maternity and Paternity Leave
Additional Add-on Benefits/discounts For Programs Such As Pet Insurance
Tuition Reimbursement and continued education programs
Excellent opportunities for advancement in a stable long-term career
Company
STERIS
STERIS is a leading provider of infection prevention and other procedural products and services, focused primarily on healthcare, pharmaceutical and medical device Customers.
10001+ employees
H1B Sponsorship
STERIS has a track record of offering H1B sponsorships. Please note that this does not
guarantee sponsorship for this specific role. Below presents additional info for your
reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (26)
2024 (28)
2023 (15)
2022 (33)
2021 (18)
2020 (19)
Funding
Current Stage
Public CompanyTotal Funding
$0.28M2010-05-21Post Ipo Debt· $0.28M
1998-12-01IPO
Leadership Team
Daniel Carestio
President and CEO, STERIS
Walter Rosebrough
CEO Emeritus & Senior Advisor
Recent News
2025-11-05
Company data provided by crunchbase