Regulatory Cybersecurity Specialist

Position Summary

STERIS has a shared responsibility with our healthcare Customers, Regulators, and Cybersecurity Industry Professionals to help our healthcare Customers build a more secure and resilient healthcare sector infrastructure for the future. The Regulatory Cybersecurity Specialist will work directly with the STERIS Regulatory Cybersecurity team, internal stakeholders, and external security industry partners to ensure that STERIS products and solutions are designed to meet best class cybersecurity industry standards and best practices to protect our products against today’s cybersecurity threats.

The Regulatory Cybersecurity Specialist will support cybersecurity activities for new product development and maintenance of existing products to develop or improve cyber hygiene of our healthcare products and related solutions. Through cybersecurity related activities such as static code analysis, vulnerability scanning, web application scanning, threat and vulnerability assessments, networking and security log analysis, he/she will gain experience in cybersecurity risk management and secure product development for healthcare products and solutions.

This position is based in Mentor, OH and requires regular time spent working in the office.

Duties

• Researches and assesses new threats and security alerts to recommend remediations.
• Assists with identification and use of security tools for monitoring vulnerabilities, including ensuring timely resolution of detected product security issues.
• Vulnerability scanning & testing.
• Assist with audit log analyses.
• Creates cybersecurity risk management plans and summary reports.
• Assist with performing threat modeling, threat and vulnerability assessments, and other cybersecurity related activities.
• Works collaboratively with other functional areas to create cybersecurity deliverables for regulatory submissions.
• Assists with secure software development process activities. Analyzes workflows and recommends ways to reduce steps and increase efficiencies through use of technology and automation.
• Assists with the development of product cybersecurity requirements and security test plans.
• Assists with establishing and maintaining secure configuration baselines for the products.
• Help create & execute fuzzing test suite for communication ports.
• Participate in security industry information sharing forum meetings and webinars.
• Effectively communicates the Product Cybersecurity Program procedures and policies to internal cybersecurity practitioners and other internal stakeholders.
• Collaborates with the Regulatory Cybersecurity Team, I & S Cybersecurity, and the Product Cybersecurity Working Group to increase organizational cybersecurity awareness.
• Other duties as assigned.

Education

• Bachelor’s Degree or completion of Boot Camp in Information Security, Information Technology, Computer Science, Cybersecurity Engineering, or related field.

Required Work Experience

• Minimum of 1 year of Information or Cybersecurity experience required that includes experience in providing specialized technical expertise and support on projects, in threat and vulnerability assessments, and in implementation and operational aspects of cybersecurity procedures and products.
• Practical knowledge of network topology and the underlying OSI model.
• Practical knowledge of security technologies such as user authentication mechanisms and cryptography.
• Familiarity with writing software languages and creating scripts with Powershell, Python or similar.
• Exposure to static code analysis tools
• Familiar with Networking, Security, Systems Administration (Linux or Windows Servers)
• Prior experience with virtual machines such as Virtual Box and VM Ware
• Exposure to vulnerability scanning, malware detection and remediation methods

Preferred Qualifications

• Master’s Degree
• Completion of Boot Camp in one of the related fields can substitute for required work experience.
• Certifications are desired but not required initially (e.g., Computing Technology Industry Association (CompTIA) Network+, Security+ or other position related certifications.
• Exposure to intrusion detection and data correlation is desirable.
• Exposure to Metasploit and Kali Linux is desirable
• Exposure to Secure Software Lifecycle Development Processes is desirable.
• Exposure to Agile software development methodology and the Scrum process framework is desirable

Skills & Competencies

• Capabilities related to the principles, methods, and tools used for threat and vulnerability assessment and mitigation, including assessment of failures and their consequences.
• Capabilities related to the principles, methods, and tools for assessing vulnerabilities and developing or recommending appropriate mitigation countermeasures.
• Understanding of networking/distributed computing environment concepts.
• Understands principles of client/server concept and configurations.
• Strong analytical, administrative, presentation, and project management skills are required.
• Must have strong communication skills (both written and verbal).

What we offer

The opportunity to join a company that will invest in you for the long-term. STERIS couldn’t be where it is today without our incredible people. That’s why we share in our success together by rewarding you for your hard work. Hiring people who are in it for the long run with STERIS is our ultimate goal. We do this by providing competitive salaries, healthcare benefits, tuition assistance, paid-time off, holidays, matching 401(k), annual merit, and incentive plans. Join us and help write our next chapter.

#LI-SA2 #ZRSA-1