Senior Staff Product Security Engineer, Embedded (REMOTE)

at  Stryker Corporation

WHY ENGINEERING AT STRYKER?

At Stryker we are dedicated to improving lives, with a passion for researching and developing new medical device products. As an engineer at Stryker, you will be proud of the work that you will be doing, using cutting-edge technologies to make healthcare better. Here, you will work in a supportive culture with other incredibly talented and intelligent people, creating industry-leading medical technology products. You will also have growth opportunities as we have a culture that supports your personal and professional development.
Need another reason to apply? Check out these 8 reasons to join Stryker’s engineering team: https://www.strykercareersblog.com/post/8-reasons-to-join-strykers-engineering-team
We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com

KNOW SOMEONE AT STRYKER?

Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program on our referral page
Stryker is driven to work together with our customers to make healthcare better. Employees and new hires in sales and field roles that require access to customer accounts as a function of the job may be required, depending on customer requirements, to obtain various vaccinations as an essential function of their role

WHAT YOU WILL DO:

Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry leading cyber secure products for our customers. As a Senior Staff Product Security Engineer, you will improve the safety, integrity, and resilience of medical devices developed by the Acute Care business unit at Stryker Medical and their embedded software. You will participate in project planning, product cybersecurity risk analysis, and risk mitigation strategies. You will lead various product cybersecurity tasks and activities established by product design controls and SDLC procedures and you will be involved in all facets of the product development life cycle. The ideal candidate is excited to protect our customers and their patients through the design and implementation of effective security controls.

KEY RESPONSIBILITIES:

• Understand the overall technical capabilities of our products, typical deployment scenarios, and drive platform security posture improvement.
• Collaborate with product teams to create comprehensive product cybersecurity threat models. Guide security risk analysis including threat identification, severity scoring, and selection of appropriate controls to mitigate risks.
• Work closely with cross-functional teams, including Quality, Regulatory, and Marketing in driving alignment around medical device cybersecurity standards and regulations.
• Support all facets of product hardware and software security including system hardening, automated and manual penetration testing, vulnerability scanning, and issue remediation.
• Identify product vulnerabilities through design review, code review, and security testing.
• Lead and own vulnerability and incident response activities through assessing applicability, exploitability, and impact with product teams; developing POC exploits; and planning and executing mitigation and remediation to closure.
• Leverage and implement DevSecOps to create efficiencies in managing security posture of our products.
• Support cybersecurity documentation requests from legal and sales teams on an as-needed basis.
• Lead product teams on conversations from a security PoV. Author and contribute artifacts such as Security Assessment, MDS2, Security Risk, Threat Model, SBOM, OSS etc.
• Coordinate security war gaming activities with R&D product teams to enhance security practices and overall security posture throughout life of a product.