Principal Product Security Engineer at Smith+Nephew
United States, North Carolina, USA
Full Time


Start Date: Immediate
Expiry Date: 07 Jul, 25
Salary: 150000.0
Posted On: 07 Apr, 25
Experience: 8 year(s) or above
Remote Job: Yes
Telecommute: Yes
Sponsor Visa: No
Skills: Good communication skills
Industry: Information Technology/IT

Description

PRINCIPAL PRODUCT SECURITY ENGINEER, ORTHOPEDICS/ROBOTICS

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living!
The Smith + Nephew Product Cybersecurity Engineer - Robotics, in collaboration with Global IT, R&D and Compliance Teams, will provide hands-on cybersecurity architecture and engineering services with the ultimate goal of ensuring Smith + Nephew Robotics products and their data are secure and resilient to cybersecurity threats.
You will serve as the definitive voice of cybersecurity considerations for Smith + Nephew’s portfolio of Robotic and Surgical Enabler technologies, capital devices, digital accessories, connected infrastructures and software applications.
You will identify, develop, and implement technical and process-driven cybersecurity requirements and controls. Requirements and controls will be sourced from process-driven activities (e.g. Policies, Standards, Frameworks, Threat Modelling and Risk Assessments) and technical assessments (e.g. Code Analysis, Requirements Analysis, Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis, and Penetration Testing). Requirements and controls will range from hardening activities and requirements (Identify/Protect) to incident response (Detect, Respond, Recover).

Responsibilities
  • Technical Cybersecurity Architecture and Engineering Services - Lead the Architecting, Designing, and Implementation of managed and repeatable cybersecurity requirements and controls in support of multiple Smith + Nephew Robotics and Surgical Enabler technologies, capital devices, digital accessories, connected infrastructures and software applications.
  • Product Cyber Security Risk Management and Threat Modelling - Lead the creation and maintenance of Product Cybersecurity Risk Registers and Threat Models (STRIDE, Kill Chain Analysis) throughout the development lifecycle to identify and mitigate cybersecurity deficiencies as early in the development lifecycle as possible.
  • Product Cybersecurity Testing and Assessment - Lead the execution and integration of cybersecurity testing and assessment activities throughout the development lifecycle to identify and mitigate cybersecurity deficiencies. Develop technical solutions and integrate automated security tools and processes to help mitigate security vulnerabilities. This includes but is not limited to: Vulnerability Testing, Penetration Testing, Code Analysis, Endpoint Protections, etc.
  • Incident Response - Support best-practice (ISO 29147/30111) product cyber security incident response (IR) services.
  • Secure-Software Development Life Cycle - Help develop and mature Global Product & Digital Health Cybersecurity Strategy and Secure-Software Development Life Cycle (S-SDLC) to ensure robust cyber security controls are present and effective in our products from product conceptualization through commercial launch and ultimately product/product family decommissioning.