
Principal Product Security Engineer

Smith & Nephew
parental leave, paid holidays, tuition reimbursement, 401(k), stock options
United States, Pennsylvania, Pittsburgh
2828 Liberty Avenue
Apr 01, 2025

Principal Product Security Engineer, Orthopedics/Robotics

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living!

The Smith + Nephew Product Cybersecurity Engineer - Robotics, in collaboration with Global IT, R&D and Compliance Teams, will provide hands-on cybersecurity architecture and engineering services with the ultimate goal of ensuring that Smith + Nephew Robotics products and their data are secure and resilient to cybersecurity threats.

You will serve as the definitive voice of cybersecurity considerations for Smith + Nephew's portfolio of Robotic and Surgical Enabler technologies, capital devices, digital accessories, connected infrastructures and software applications.

You will identify, develop, and implement technical and process-driven cybersecurity requirements and controls. Requirements and controls will be sourced from process-driven activities (e.g. Policies, Standards, Frameworks, Threat Modelling and Risk Assessments) and technical assessments (e.g. Code Analysis, Requirements Analysis, Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis, and Penetration Testing). Requirements and controls will range from hardening activities and requirements (Identify/Protect) to incident response (Detect, Respond, Recover).

What will you do?

  • Technical Cybersecurity Architecture and Engineering Services - Lead the Architecting, Designing, and Implementation of managed and repeatable cybersecurity requirements and controls in support of multiple Smith + Nephew Robotics and Surgical Enabler technologies, capital devices, digital accessories, connected infrastructures and software applications.
  • Product Cyber Security Risk Management and Threat Modelling - Lead the creation and maintenance of Product Cybersecurity Risk Registers and Threat Models (STRIDE, Kill Chain Analysis) throughout the development lifecycle to identify and mitigate cybersecurity deficiencies as early in the development lifecycle as possible.
  • Product Cybersecurity Testing and Assessment - Lead the execution and integration of cybersecurity testing and assessment activities throughout the development lifecycle to identify and mitigate cybersecurity deficiencies. Develop technical solutions and integrate automated security tools and processes to help mitigate security vulnerabilities. This includes but is not limited to: Vulnerability Testing, Penetration Testing, Code Analysis, Endpoint Protections, etc.
  • Incident Response - Support best-practice (ISO 29147/30111) product cybersecurity incident response (IR) services.
  • Secure-Software Development Life Cycle - Help develop and mature Global Product & Digital Health Cybersecurity Strategy and Secure-Software Development Life Cycle (S-SDLC) to ensure robust cyber security controls are present and effective in our products from product conceptualization through commercial launch and ultimately product/product family decommissioning.

Location:

Andover, MA | Pittsburgh, PA | Remote

15% travel required to Pittsburgh, PA

What will you need to be successful?

  • Education: Bachelor's degree in life science, computer science, information systems and/or equivalent formal training or work experience.
  • 8+ years of experience in product/device security, application security, or IT information security.
  • Licenses/Certifications: Current CISSP, CRISC, CISA, GIAC or equivalent certification preferred; SANS-related certifications acceptable.
  • 8+ years in hands-on cybersecurity experience.
  • Strong understanding of mitigating security controls
  • Vulnerability Management, Penetration Testing, Code Security
  • Security Governance models
  • IT Risk and Vendor Risk Assessments
  • FDA and other medical device regulators
  • Knowledge of cyber security standard frameworks such as ISO and NIST
  • Understanding of network infrastructure, including firewalls, web proxy and/or email architecture, particularly as they apply in a mitigating control function.
  • Experience with different cloud computing platforms and the cloud security framework.
  • Ability to design, recommend, plan, develop and support implementation of innovative security solutions.
  • Excellent written and oral communication skills.
  • Excellent customer service skills and problem resolution.

You Unlimited.

We believe in creating the greatest good for society. Our strongest investments are in our people and the patients we serve.

  • Inclusion, Diversity and Equity: Committed to Welcoming, Celebrating and Thriving on Diversity. Learn more about Employee Inclusion Groups on our website (https://www.smith-nephew.com/)
  • Your Future: 401k Matching Program, 401k Plus Program, Discounted Stock Options, Tuition Reimbursement
  • Work/Life Balance: Flexible Personal/Vacation Time Off, Paid Holidays, Flex Holidays, Paid Community Service Day
  • Your Wellbeing: Medical, Dental, Vision, Health Savings Account (Employer Contribution of $500+ annually), Employee Assistance Program, Parental Leave, Fertility and Adoption Assistance Program
  • Flexibility: Hybrid Work Model (For most professional roles)
  • Training: Hands-On, Team-Customized, Mentorship
  • Extra Perks: Discounts on fitness clubs, travel and more!

Smith+Nephew is committed to the full inclusion of all qualified individuals. As part of this commitment, Smith+Nephew will ensure that persons with disabilities are provided reasonable accommodations. If reasonable accommodation is needed, please alert the recruiter if you are selected to move forward.

The anticipated base compensation range for this position is $140,000 - $150,000 USD annually. The actual base pay offered to the successful candidate will be based on multiple factors, including but not limited to job-related knowledge/skills, experience, geographical location, and internal equity. It is not typical for an individual to be hired at the high end of the range for their role at Smith+Nephew.

Compensation decisions are dependent upon the facts and circumstances of each position and candidate. In addition to base pay, we provide competitive bonus, discretionary long term incentive plan (senior level roles) and benefits, which include medical, dental, and vision coverage, 401k, tuition reimbursement, medical leave programs, parental leave, and generous PTO (accrual of 12 hours per month to a max of 18 days), 10 paid company holidays annually and 8 hours of Volunteer time and a variety of wellness offerings such as EAP.

Smith+Nephew provides equal employment opportunities to applicants and employees without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, protected veteran status, or disability.

Stay connected and receive alerts for jobs like this by joining our talent community.

We're more than just a company - we're a community! Follow us on LinkedIn to see how we support and empower our employees and patients every day.

Check our Glassdoor page for a glimpse behind the scenes and a sneak peek into You. Unlimited., life, culture, and benefits at S+N.

Explore our new website and learn more about our mission, our team, and the opportunities we offer.
