Product Security Analyst (US Shift)

Life Unlimited. At Smith+Nephew, we design and manufacture technology that takes the limits off living. Join our dynamic team and embark on an exciting journey of innovation and growth as we seek a hard-working and dedicated individual for role of Product Security Analyst (US shift) to join our Global IT team.

You will work in collaboration with Product Cybersecurity Engineer focused on delivering product security scanning and threat models to cross-functional stakeholders across product security and product development teams with the ultimate goal of ensuring Smith + Nephew products and their data is secure and resilient to cybersecurity threats. What will you be doing? Role will collaborate with Product Cybersecurity Engineer focused on overseeing and required to continue maintaining, configuring, and leveraging the existing product security tools related to static application security testing (SAST), dynamic application security testing (DAST), software composition analysis (SCA) and software bill of materials (SBOM), fuzz testing, and threat modeling You will be responsible for collaborating with a diverse cohort of internal stakeholders to design, engineer, and ensure implementation of security tools that are utilized through the entire product lifecycle (e.g. threat model, Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis).

Responsible for running security scans (e.g. Static Application Security Testing, Dynamic Application Security Testing, Software Composition Analysis) and support the creation of Software Bill of Materials (SBOMs) based on an understanding of the products and the tools. Initiate and manage security scans across threat modelling, SAST, DAST, SCA, and SBOM tools.

Monitor scan completion, troubleshoot failures, and drive issues to resolution. Maintain user guide for each tool and ensure users are trained. Distribute scan results and reports to relevant teams, stakeholders.

Support developers working in tools. Ensure vulnerabilities are properly routed and triaged. What will you need to be successful?

Education: Bachelor’s degree in a Computer Science or related field, or an equivalent combination of training and experience. Licenses/ Certifications: Current CISM, CISSP, CRISC, or equivalent certification preferred. Operating Mode: Work from office – Hybrid, 2 days in a week working in US shift – 5:30 PM to 2:30 AM IST.

Experience: 3+ years in hands-on cybersecurity experience. Ability to run security tools and complete troubleshooting. Strong understanding of mitigating security controls.

Vulnerability Management and Application Security. Threat modelling and SBOM generation. HIPAA, FDA, ISO 27001/2, NIST CSF, and OWASP Experience creating threat models and generating SBOMs.

Excellent customer service skills and problem resolution. Experience in being able to manage and prioritize multiple tasks in an effective manner. Ability to work independently and proactively without daily direction.

Working across multiple teams and business lines. You. Unlimited.

We believe in crafting the greatest good for society. Our strongest investments are in our people and the patients we serve. Inclusion + Belonging - Committed to Welcoming, Celebrating and Thriving.

Learn more about our Employee Inclusion Groups on our website Other reasons why you will love it here! Your Future: Major Medical coverage + Policy exclusions and insurance non-medical limit. Educational Assistance.

Work/Life Balance: Flexible Personal/Vacation Time Off, Privilege Leave, Floater Leave. Your Wellbeing: Parents / Parents in Law’s Insurance, Employee Assistance Program, Parental Leave. Flexibility : Hybrid Work Model (For most professional roles) Training: Hands-On, Team-Customized, Mentorship Extra Perks: Free Cab Transport facility for all employees, One Time Meal provided to all employees as per shift.

Night Shift Allowances. #YS1