Senior Staff Product Security Engineer (Remote)

Work Flexibility: Remote
Who We Want:
The Product SecuritySenior Staff Engineer will work with Product Security, product development, and regulatory team members to effectively apply Product Security policies and procedures in pre-market and post-market scenarios. The Senior Staff Engineer will demonstrate a high degree of self-leadership and be able to mentor and influence their peers. They will have a deep understanding of cybersecurity principles, control frameworks and risk management processes as well as expertise in one or more specialty areas.
This position works to guide product development teams in developing secure products and conduct security risk assessments on software as a medical device products and solutions. You will help to create, define, and implement security controls and software requirements in collaboration with product development teams and product owners. You will also work with security stakeholders in other organizations to make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. In this role, you will an opportunity to define a high standard for software security for multiple products and technologies that help surgeons provide positive patient outcomes.
What You Will Do:
General:

• Develop presentations and communications to effectively convey complex security topics to leadership levels.
• Develop high quality strategies and lead plans to accomplish organizational goals.
• Provide technical guidance to ensure that product features and services are built with security in mind.
• Work with other Product Security leads to standardize best practices and quality levels.
• Manage expectations on timing and scope of project work.

Technical:

• Coordinate the implementation of DevSecOps (CI/CD) security testing and auditing.
• Coordinate and execute vulnerability analysis of software-enabled products.
• Execute strategies to implement standards and tools for security testing or software enabled products.
• Analyze vulnerabilities, rate their severity, and propose appropriate security controls to resolve security risks to an acceptable level.
• Respond to security events and incidents by collecting information and researching evidence of unauthorized access to data.
• Experience in mentoring product development teams in developing software bill of materials and assessing the risk of third-party software components (OTS and OSS).
• Review security deliverables and provide sound guidance to product teams on what is required to meet regulatory expectations.
• Build high-quality threat models and conduct risk assessments for new products.

• Collect evidence of adherence to cyber controls for specific software products and platforms

Knowledge & Capabilities:

• Proven experience working with product development teams in a broad number of computing environments.
• Expertise in an area of specialized computing such as cloud, distributed applications, embedded systems, or IOT.
• Experience in mentoring others in applying security control frameworks, threat modeling, and scoring the severity of security threats and vulnerabilities.
• Hands on experience with various types of security testing like SAST, DAST, fuzzing and penetration testing.
• Thorough understanding of public vulnerability resources, CVE/CWE vulnerability descriptors, and CVSS v3.0 scoring methods.
• Experience with secure SDLC, governance and compliance concepts.
• Proven competence in leading incident response and forensics activities and coordination across teams.
• Experience documenting evidence to demonstrate security control compliance.
• Excellent written and verbal communication skills.
• Proven ability to facilitate meetings to accomplish goals and objectives in a collaborative environment.
• Proven ability to develop and analyze procedural documents and associated artifacts.
• Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.

What You Will Need:
Basic Qualifications:

• Bachelor of Science in Product Security, computer science, mathematics, statistics, or related field with applicable Product Security work experience
• 6+ years of related work experience
• One or more active, industry recognized, and relevant cybersecurity certifications.

Preferred Qualifications:

• Understands quality management systems preferably in the healthcare or medical device industry.
• Experience implementing secure network technologies, devices, and secure transport and communication protocols.

• $112k - $239k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

Travel Percentage: 10%
Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer - M/F/Veteran/Disability.
Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.