Principal Product Security Engineer (REMOTE)

at  Stryker Corporation

WHY ENGINEERING AT STRYKER?

At Stryker we are dedicated to improving lives, with a passion for researching and developing new medical device products. As an engineer at Stryker, you will be proud of the work that you will be doing, using cutting-edge technologies to make healthcare better. Here, you will work in a supportive culture with other incredibly talented and intelligent people, creating industry-leading medical technology products. You will also have growth opportunities as we have a culture that supports your personal and professional development.
Need another reason to apply? Check out these 8 reasons to join Stryker’s engineering team: https://www.strykercareersblog.com/post/8-reasons-to-join-strykers-engineering-team
We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com

KNOWLEDGE AND CAPABILITIES:

• Demonstrated knowledge of various vulnerability management aspects including SBOM generation, vulnerability assessments, threat modeling, security risk assessment processes, and security patching best practices.
• Proficient in identifying security vulnerabilities across several areas of computing such as cloud, distributed applications, embedded systems, or IOT.
• Thorough understanding of the current revisions of NIST, ISO, and other related security frameworks especially those that apply to vulnerability management.
• Proven experience building successful working relationships with internal and external personnel in various departments.
• Expertise in applying security control frameworks, security risk assessments, and scoring the severity of security threats and vulnerabilities.
• Proficient in using one or more vulnerability scanning tools.
• Proven expertise working with product development teams in a broad number of computing environments.
• Excellent written and verbal communication skills.
• Proven ability to facilitate meetings to accomplish goals and objectives in a collaborative environment.
• Proven ability to develop and analyze procedural documents and associated artifacts.
• Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.

KNOW SOMEONE AT STRYKER?

Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program on our referral page
Stryker is driven to work together with our customers to make healthcare better. Employees and new hires in sales and field roles that require access to customer accounts as a function of the job may be required, depending on customer requirements, to obtain various vaccinations as an essential function of their role

TECHNICAL RESPONSIBILITIES:

• Create and own strategies that prioritize objectives for creating effective vulnerability management processes across the entire lifecycle of medical device and associated solutions.
• Develop efficient solutions for determining the disposition of vulnerabilities produced through internal assessments and analysis efforts throughout the product lifecycle.
• Guide product development teams in completing overall vulnerability management procedures within a defined security risk management process.
• Work with product teams and product security services teams to develop and optimize the generation, repositories, and version management of software bills of material (SBOM) for a variety of medical device technologies.
• Design and implement SBOM configuration management solutions to enable continuous vulnerability management processes.
• Develop and own the policy and process of coordinated vulnerability disclosure.
• Review current state and desired state of vulnerability assessment capabilities to define a roadmap needed improvements.
• Work with tool vendors to develop and implement vulnerability management solutions associated with in-market medical devices and health software products.
• Develop standards and internal guidance for the timeliness of security patches for medical products and related systems.
• Apply regulatory guidance and industry best practices to drive strategies for product security procedures and work instructions.
• Provide product security guidance and leadership to internal taskforce teams.
• Collaborate with product teams to assess security risks and drive design decisions for new products and related systems based on vulnerability assessment results.
• Develop and deliver presentations and communications to clearly convey security topics up to the senior leadership level.
• Collaborate with Stryker enterprise functions to leverage domain expertise and capabilities and identify areas of opportunity.
• Recommend efficiency and process improvements to product security capabilities and functions.