AppSec Jobs
← Back to all jobs

Smith+Nephew

Product Security Analyst (US Shift)

Pune District, Maharashtra, IndiaWebsite

Full details on LinkedIn

The complete job description, requirements, and application details are available on the original posting.

About Smith+Nephew

Smith & Nephew is a medical device company specializing in the repair, regeneration, and replacement of soft and hard tissue. With a presence in over 35 countries, the company offers a diverse range of products in orthopaedics, endoscopy, advanced wound management, and rehabilitation. Founded in 1856 in Hull, UK, Smith & Nephew initially focused on pharmaceuticals before shifting to bandages and surgical dressings. The company has grown significantly over the years, particularly during the World Wars, and has expanded its product offerings through various acquisitions. Its portfolio includes advanced wound management products, orthopaedic devices, arthroscopy equipment, and first aid kits. Smith & Nephew values care, courage, and collaboration in its corporate culture.

Industry

medical devices

Employees

18,000

1225 engineers

Revenue

$6.2B

Website

Visit →

Security at Smith+Nephew

Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.

3 Intel Signals

Security Philosophy

The philosophy centers on 'DevSecOps' and 'Developer Enablement,' with a focus on fostering a culture of 'collaboration, engagement, and continuous learning.' The mission is to 'define and ensure implementation of cybersecurity requirements and controls' while driving initiatives that 'enhance the productivity, efficiency and quality of the software team.' Risk is managed through a formal 'enterprise risk management framework.'

Security Team

The AppSec function at Smith+Nephew appears to be integrated within 'Product Security.' Key leaders include Ashley Woyak Bellus (Product Security Director) and Sahil Bhirud (Product Security). While a specific reporting line to the CISO or CTO is not publicly stated, the company is actively hiring for Product Security Engineers to 'define and ensure implementation of cybersecurity requirements.' As of April 2026, there is at least one active posting for a Product Security Engineer. Total team size is not publicly available.

Key Initiatives

Active initiatives include the adoption of DevSecOps, automation of test coverage, and formal 'Vulnerability Management.' The company follows a Secure SDLC that incorporates design control requirements such as IEC 62304 and ISO 14971. There is no public evidence of a formal 'Security Champions' program or specific recent tool rollouts in the last six months.

Preparing for an AppSec interview?

Get the weekly briefing 2,000+ security pros trust.