Principal Product Security Engineer - Embedded (REMOTE)

Work Flexibility: Remote

Who We Want:

The Principal Product Security Engineer will be a valued professional within the Stryker Product Security organization. They will work with product development team members during the systems development processes to guide product teams with security controls through concept, requirements, design and build phases of new/evolving product. This Engineer will focus mainly on embedded devices, but can support cloud, mobile devices (iOS, Android, and others) in the IoT ecosystem, to shape how the security of Stryker products is defined before release to market. This role will drive the consistent generation of threat models, security requirements, aligned design, build and configuration of products through definition and execution of validation, verification, and post-market processes, as needed throughout the product lifecycle.

What You Will Do:

 Technical Responsibilities:

• Collaborate with product teams to assess security risks and drive design decisions for new and evolving products and related systems.
• Guide product development teams in completing threat models as input into security risk analysis processes.
• Assemble Security requirements applicable to the new or evolving product under consideration.
• Support the Security Assurance team working with product teams to guide the generation of software bills of material for a variety of medical device technologies.
• Support product security incident response (PSIRT) teams, when needed, so they can effectively address (contain or remediate) and then document security incidents.
• Draft internal and external communications summarizing details concerning security concepts used in requirements, design, and build phases related to medical products and related systems.
• Provide product security guidance and leadership to internal taskforce teams.
• Develop and deliver presentations and communications to clearly convey complex technical topics up to next level leaders.
• Recommend efficiency and process improvements.

Knowledge and Capabilities:

• Thorough understanding of the current revisions of FDA, NIST, ISO, IEC and other related security frameworks.
• Proven experience building successful working relationships with internal and external personnel in various departments.
• Expertise in applying security control frameworks, threat modeling, and scoring the severity of security threats and vulnerabilities.
• Experience analyzing and selecting embedded hardware that enabled security controls to be established, along with designing secure products, as part of a broad eco-system (embedded devices + clouds + mobile devices) in the IoT ecosystems that healthcare providers need and expect to support safety.

What You Will Need:

Basic Qualifications:

• Bachelor's Degree in product security, computer science, mathematics, statistics, or related field
• 8+ years of applicable (product) security work experience

Preferred Qualifications:

• Master’s degree in security related discipline
• Understands quality management systems, preferably in the healthcare, medical device, or industries that leverage cyber-physical systems.
• Experience implementing secure technologies in embedded devices, clouds and mobile devices using secure controls, including but not limited to transport and communication protocols.
• One or more active, industry recognized, and relevant cybersecurity certifications.

• $126k - $279k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

Travel Percentage: 10%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.