Manager, Product & Platform Cybersecurity Engineering

At STERIS, we help our Customers create a healthier and safer world by providing innovative healthcare and life science product and service solutions around the globe.

Position Summary The Manager, Product & Platform Cybersecurity Engineering leads the strategy, development, and implementation of a unified cybersecurity framework for medical devices, data‑handling systems, and connected services across multiple business units. You will establish product security baselines, determine applicability of

NIST SP 800

‑53 controls, and oversee a team responsible for control mapping, verification, and evidence generation throughout the software development life cycle. You will operationalize

NIST CSF

2.0 and embed

NIST SP 800

‑218 secure‑by‑design practices into engineering pipelines to elevate product security maturity and improve release quality. You will partner closely with the Product Regulatory Cybersecurity and Quality/Regulatory teams to ensure compliance with healthcare and medtech premarket and postmarket requirements, including FD&C §524B and industry standards such as

IEC 81001

‑5‑1 and

ISO/IEC 27001

2022. You will serve as both a strategic leader and hands‑on expert—translating cybersecurity risks into backlog priorities, guiding engineering teams through secure design and verification, advising leaders on practical risk remediation and compensating controls, and defining enterprise requirements for secure development infrastructure and product operations. •This position is located onsite in Mentor, Ohio with the opportunity for a hybrid work schedule. What You'll Do as a Manager, Product and Platform Cybersecurity Engineering Coordinate with the product development, implementation and CPE teams in the specification, development, verification, and deployment of security measures in new, currently marketed, and legacy products, which run Linux, Windows, or embedded operating systems. Propose solutions and defines the technical direction for product security development efforts. Shares responsibility for ensuring secure architecture designs. Own the development and execution of security plans and product security specifications for new and legacy products. Lead cybersecurity risk management activities, including threat modeling and vulnerability assessments. Work with the product team to perform vulnerability scans, assessments, and specify risk controls on software prior to release. Participate in design and code reviews to identify security-related issues and recommends design changes as appropriate. Coordinate with development teams in penetration and fuzz testing and third-party attestations of cyber devices. Implement secure code and server configuration practices within products and supporting infrastructure. Responsible for customer facing product security documents such as MDS2 forms (Manufacturer Disclosure Statement for Medical Device Security) and medical device security labelling. Provide level 3 support on product security issues and questions that are escalated to Engineering. Facilitate product security incident response and coordinated vulnerability disclosure. Develop awareness of security concerns, shares best engineering practices, and creates/updates procedures to ensure compliance. Continuously expands broader team knowledge and expertise in cybersecurity.

The Experience, Skills and Abilities Needed Required:

Bachelors Degree in Software Engineering, Computer Engineering, Electrical Engineering or related technical degree required. 10+ years of product software development experience. 5+ years new product development cybersecurity experience. 2+ years managing a team in a new product development (NPD) or Cybersecurity capacity. Experience working in a highly regulated industry, ie: Medical Device, Automotive, Aerospace, etc. Experience in the following: Working knowledge and understanding of security engineering, system and network security, authentication, network and web-related protocols, cryptography, or application security Software development processes and secure coding Developing security procedures and product security specifications Vulnerability/penetration testing TCP/IP, UDP, HTTP, HTTPS, routing protocols Experience with secure design, configuration, and installation of networked devices such as servers, client PCs, NAS drives, and mobile devices, preferably on a hospital network. Use of development tools to facilitate and automate the analysis of software systems and code for security deficiencies.

Preferred:

Medical device industry experience. Secure web and server-side application development; REST or GraphQL web services. Identity management, authentication, DDKG, cryptography, and encryption, including data encryption in transfer and at rest. Experience with system administration and network security, including firewalls, VPNs, SSH, Site-to-Site tunnels, and network certificates. Hardening Linux systems to DoD RMF standards. What STERIS Offers We value our employees and are committed to providing a comprehensive benefits package that supports your health, well-being and financial future. Here is a brief overview of what we offer: Market Competitive PayExtensive Paid Time Off and (9) added HolidaysExcellent Healthcare, Dental and Vision BenefitsLong/Short Term Disability Coverage401(k) with a company matchMaternity and Paternity LeaveAdditional add-on benefits/discounts for programs such as Pet InsuranceTuition Reimbursement and continued education programsExcellent opportunities for advancement in a stable long-term career #LI-KK1Pay range for this opportunity is $143,750 - $158,125.00. This position is eligible for bonus participation. Minimum pay rates offered will comply with county/city minimums, if higher than range listed. Pay rates are based on a number of factors, including but not limited to local labor market costs, years of relevant experience, education, professional certifications, foreign language fluency, etc. STERIS offers a comprehensive and competitive benefits portfolio. Click here for a complete list of benefits: STERIS Benefits Open until position is filled. STERIS is a leading global provider of products and services that support patient care with an emphasis on infection prevention.

WE HELP OUR CUSTOMERS CREATE A HEALTHIER AND SAFER WORLD

by providing innovative healthcare and life sciences products and services around the globe. For more information, visit www.steris.com. If you need assistance completing the application process, please call 1 (440) 392.7047. This contact information is for accommodation inquiries only and cannot be used to check application status. STERIS is an Equal Opportunity Employer. We are committed to equal employment opportunity to ensure that persons are recruited, hired, trained, transferred and promoted in all job groups regardless of race, color, religion, age, disability, national origin, citizenship status, military or veteran status, sex (including pregnancy, childbirth and related medical conditions), sexual orientation, gender identity, genetic information, and any other category protected by federal, state or local law. We are not only committed to this policy by our status as a federal government contractor, but also we are strongly bound by the principle of equal employment opportunity. The full affirmative action program, absent the data metrics required by § 60-741.44(k), shall be available to all employees and applicants for employment for inspection upon request. The program may be obtained at your location's HR Office during normal business hours.