Senior Staff Product Security Engineer (Remote)

Why engineering at Stryker?

At Stryker we are dedicated to improving lives, with a passion for researching and developing new medical device products. As an engineer at Stryker, you will be proud of the work that you will be doing, using cutting-edge technologies to make healthcare better. Here, you will work in a supportive culture with other incredibly talented and intelligent people, creating industry-leading medical technology products. You will also have growth opportunities as we have a culture that supports your personal and professional development.

Need another reason to apply? Check out these 8 reasons to join Stryker's engineering team:https://www.strykercareersblog.com/post/8-reasons-to-join-strykers-engineering-team

We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com

Who We Want:

The Product SecuritySenior Staff Engineer will work with Product Security, product development, and regulatory team members to effectively apply Product Security policies and procedures in pre-market and post-market scenarios. The Senior Staff Engineer will demonstrate a high degree of self-leadership and be able to mentor and influence their peers. They will have a deep understanding of cybersecurity principles, control frameworks and risk management processes as well as expertise in one or more specialty areas.

This position works to guide product development teams in developing secure products and conduct security risk assessments on software as a medical device products and solutions. You will help to create, define, and implement security controls and software requirements in collaboration with product development teams and product owners. You will also work with security stakeholders in other organizations to make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives. In this role, you will an opportunity to define a high standard for software security for multiple products and technologies that help surgeons provide positive patient outcomes.

What You Will Do:

General:

• Develop presentations and communications to effectively convey complex security topics to leadership levels.
• Develop high quality strategies and lead plans to accomplish organizational goals.
• Provide technical guidance to ensure that product features and services are built with security in mind.
• Work with other Product Security leads to standardize best practices and quality levels.
• Manage expectations on timing and scope of project work.

Technical:

• Coordinate the implementation of DevSecOps (CI/CD) security testing and auditing.
• Coordinate and execute vulnerability analysis of software-enabled products.
• Execute strategies to implement standards and tools for security testing or software enabled products.
• Analyze vulnerabilities, rate their severity, and propose appropriate security controls to resolve security risks to an acceptable level.
• Respond to security events and incidents by collecting information and researching evidence of unauthorized access to data.
• Experience in mentoring product development teams in developing software bill of materials and assessing the risk of third-party software components (OTS and OSS).
• Review security deliverables and provide sound guidance to product teams on what is required to meet regulatory expectations.
• Build high-quality threat models and conduct risk assessments for new products.

• Collect evidence of adherence to cyber controls for specific software products and platforms

Knowledge & Capabilities:

• Proven experience working with product development teams in a broad number of computing environments.
• Expertise in an area of specialized computing such as cloud, distributed applications, embedded systems, or IOT.
• Experience in mentoring others in applying security control frameworks, threat modeling, and scoring the severity of security threats and vulnerabilities.
• Hands on experience with various types of security testing like SAST, DAST, fuzzing and penetration testing.
• Thorough understanding of public vulnerability resources, CVE/CWE vulnerability descriptors, and CVSS v3.0 scoring methods.
• Experience with secure SDLC, governance and compliance concepts.
• Proven competence in leading incident response and forensics activities and coordination across teams.
• Experience documenting evidence to demonstrate security control compliance.
• Excellent written and verbal communication skills.
• Proven ability to facilitate meetings to accomplish goals and objectives in a collaborative environment.
• Proven ability to develop and analyze procedural documents and associated artifacts.
• Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.

What You Will Need:

Basic Qualifications:

• Bachelor of Science in Product Security, computer science, mathematics, statistics, or related field with applicable Product Security work experience
• 6+ years of related work experience
• One or more active, industry recognized, and relevant cybersecurity certifications.

Preferred Qualifications:

• Understands quality management systems preferably in the healthcare or medical device industry.
• Experience implementing secure network technologies, devices, and secure transport and communication protocols.

• $112k - $239k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

About Stryker

Our benefits:

• 12 paid holidays annually

• Health benefits include: Medical and prescription drug insurance, dental insurance, vision insurance, critical illness insurance, accident insurance, hospital indemnity insurance, personalized healthcare support, wellbeing program and tobacco cessation program.

• Financial benefits include Health Savings Account (HSA), Flexible Spending Accounts (FSAs), 401(k) plan, Employee Stock Purchase Plan (ESPP), basic life and AD&D insurance, and short-term disability insurance.

For a more detailed overview of our benefits or time off, please follow this link to learn more: US Stryker employee benefits
About Stryker
Stryker is a global leader in medical technologies and, together with its customers, is driven to make healthcare better. The company offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 130 million patients annually. More information is available at stryker.com.
Know someone at Stryker?
Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program on our referral page
Stryker is driven to work together with our customers to make healthcare better. Employees and new hires in sales and field roles that require access to customer accounts as a function of the job may be required, depending on customer requirements, to obtain various vaccinations as an essential function of their role.