Description :

What will you be doing ?

- Your will contribute, Technical Cybersecurity Architecture and Engineering Services.

- Define and ensure implementation of cybersecurity requirements and controls in support of multiple Smith + Nephew technologies, capital devices, digital accessories, connected infrastructures and software applications.

Product Security Testing and Assessment :

- Be responsible for the execution and integration of cybersecurity testing, assessment activities throughout the development lifecycle which includes but is not limited to Static Application Security Testing, Dynamic App Security Testing, and Software Composition Analysis.

Vulnerability response support :

- Provide technical expertise in evaluating and assessing potential vulnerabilities, support vulnerability response efforts, and efficiently communicate risks and mitigation strategies to the business.

Secure-Software Development Life Cycle :

- Help develop and mature Global Product Security Strategy and (S-SDLC) to ensure robust cyber security controls are present and effective in our products from product conceptualization through commercial launch and ultimately product/product family decommissioning.

Threat model :

- Provide technical leadership and proficiency in crafting comprehensive threat models using industry-standard methods in close collaboration with the product teams and the product security engineers.

What will you need to be successful :

Education : Bachelor's or equivalent experience or Masters degree in Computer Science or Information Technology.

- To align with our global operations and diverse team, we ask that you provide your CV in English.

- This will facilitate detailed communication with our hiring managers worldwide.

- Licenses/Certifications : Current CISM, CISSP, CRISC, or similar certification preferred.

- Experience : Minimum 3+ years of experience in hands-on cybersecurity experience.

- Good understanding of mitigating security controls.

- Vulnerability Management, Penetration Testing, Code Security.

- Good to have FDA and other medical device regulators experience.

- Knowledge of cyber security standard frameworks such as HIPAA, FDA, ISO 27001/2, NIST CSF, and OWASP.

- Understanding of network infrastructure, including firewalls, web proxy and/or email architecture particularly as they apply in a mitigating control functionality.

- Experience with different cloud computing platforms and the cloud security framework.

- Ability to craft, recommend, plan, guide, and support implementation of innovative security solutions.

- Understand the current Medical Device market, including what customers want to see with regards to product security.

- Understanding of back-channels typically used by threat actors for malicious activity.

- Understanding of different connectivity protocols and any risks involved with them.

- Superb communication, collaboration, and relationship building and collaborator engagement skills.

- Working from Office for 2 days Hybrid Kharadi, Pune.

- Shift Timings UK shift (12 : 30 PM to 9 : 30 PM IST).

Other reasons why you will love it here!.

- Your Future : Major Medical coverage + Policy exclusions and insurance non-medical limit.

Educational Assistance :

- Work/Life Balance : Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave.

- Your Wellbeing : Parents / Parents in Laws Insurance, Employee Assistance Program, Parental Leave.

- Flexibility : Hybrid Work Model (For most professional roles).

- Training : Hands-On, Team-Customized, Mentorship.

- Extra Perks : Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift.