Principal Product Security Engineer (Remote)

Why engineering at Stryker?

At Stryker we are dedicated to improving lives, with a passion for researching and developing new medical device products. As an engineer at Stryker, you will be proud of the work that you will be doing, using cutting-edge technologies to make healthcare better. Here, you will work in a supportive culture with other incredibly talented and intelligent people, creating industry-leading medical technology products. You will also have growth opportunities as we have a culture that supports your personal and professional development.

Need another reason to apply? Check out these 8 reasons to join Stryker's engineering team:https://www.strykercareersblog.com/post/8-reasons-to-join-strykers-engineering-team

We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com

Who We Want:

The Product Security Principal Engineer will be a valued professional within the Stryker Product Security organization. They will lead efforts to design, execute, and continually improve the effectiveness of the vulnerability management processes for Stryker products. The Principal Engineer will develop strategies and plans to create, sustain, and optimize the various aspects of vulnerability management including roles, processes, and technologies for Stryker medical devices and advanced solutions including AI, XR, and IoMT. This role will develop and optimize automated solutions for the generation of software bills of material, continuous vulnerability monitoring, and vulnerability resolution processes throughout the product lifecycle.

What You Will Do:

Technical Responsibilities:

• Create and own strategies that prioritize objectives for creating effective vulnerability management processes across the entire lifecycle of medical device and associated solutions.
• Develop efficient solutions for determining the disposition of vulnerabilities produced through internal assessments and analysis efforts throughout the product lifecycle.
• Guide product development teams in completing overall vulnerability management procedures within a defined security risk management process.
• Work with product teams and Product Security services teams to develop and optimize the generation, repositories, and version management of software bills of material (SBOM) for a variety of medical device technologies.
• Design and implement SBOM configuration management solutions to enable continuous vulnerability management processes.
• Develop and own the policy and process of coordinated vulnerability disclosure.
• Review current state and desired state of vulnerability assessment capabilities to define a roadmap needed improvements.
• Work with tool vendors to develop and implement vulnerability management solutions associated with in-market medical devices and health software products.
• Develop standards and internal guidance for the timeliness of security patches for medical products and related systems.
• Apply regulatory guidance and industry best practices to drive strategies for Product Security procedures and work instructions.
• Provide Product Security guidance and leadership to internal taskforce teams.
• Collaborate with product teams to assess security risks and drive design decisions for new products and related systems based on vulnerability assessment results.
• Develop and deliver presentations and communications to clearly convey security topics up to the senior leadership level.
• Collaborate with Stryker enterprise functions to leverage domain expertise and capabilities and identify areas of opportunity.
• Recommend efficiency and process improvements to Product Security capabilities and functions.

Knowledge and Capabilities:

• Demonstrated knowledge of various vulnerability management aspects including SBOM generation, vulnerability assessments, threat modeling, security risk assessment processes, and security patching best practices.
• Proficient in identifying security vulnerabilities across several areas of computing such as cloud, distributed applications, embedded systems, or IOT.
• Thorough understanding of the current revisions of NIST, ISO, and other related security frameworks especially those that apply to vulnerability management.
• Proven experience building successful working relationships with internal and external personnel in various departments.
• Expertise in applying security control frameworks, security risk assessments, and scoring the severity of security threats and vulnerabilities.
• Proficient in using one or more vulnerability scanning tools.
• Proven expertise working with product development teams in a broad number of computing environments.
• Excellent written and verbal communication skills.
• Proven ability to facilitate meetings to accomplish goals and objectives in a collaborative environment.
• Proven ability to develop and analyze procedural documents and associated artifacts.
• Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.

What You Will Need:

Basic Qualifications:

• Bachelor's Degree in Product Security, computer science, mathematics, statistics, or related field
• 8+ years of applicable (product) security work experience required.

Preferred Qualifications:

• Master's Degree in security related discipline preferred.
• Understands security risk management processes preferably in the healthcare or medical device industry.
• Direct experience working in a product focused vulnerability management process.
• One or more active, industry recognized, and relevant cybersecurity certifications.

• $126k - $279k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

About Stryker

Our benefits:

• 12 paid holidays annually

• Health benefits include: Medical and prescription drug insurance, dental insurance, vision insurance, critical illness insurance, accident insurance, hospital indemnity insurance, personalized healthcare support, wellbeing program and tobacco cessation program.

• Financial benefits include Health Savings Account (HSA), Flexible Spending Accounts (FSAs), 401(k) plan, Employee Stock Purchase Plan (ESPP), basic life and AD&D insurance, and short-term disability insurance.

For a more detailed overview of our benefits or time off, please follow this link to learn more: US Stryker employee benefits
About Stryker
Stryker is a global leader in medical technologies and, together with its customers, is driven to make healthcare better. The company offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 130 million patients annually. More information is available at stryker.com.
Know someone at Stryker?
Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program on our referral page
Stryker is driven to work together with our customers to make healthcare better. Employees and new hires in sales and field roles that require access to customer accounts as a function of the job may be required, depending on customer requirements, to obtain various vaccinations as an essential function of their role.