Senior Principal Product Security Engineer (Remote)
Location: Kalamazoo, Michigan
Internal Number: R441330
Product Security is driven to make healthcare better by ensuring that Stryker designs, develops and maintains industry-leading, cyber-secure products for our customers. This corporate program guides and governs the implementation and maintenance of security across the global product portfolio. The program is responsible for ensuring the security, integrity, and resilience of our products to protect our customers and their patients. These efforts help Stryker improve quality and optimize product security features that bring safe and secure life-saving solutions to the world.
The Product Security Senior Principal Engineer will report to the Head of Product Security and support Stryker global businesses. In this role you will have the capability to directly influence technical innovation and enhance security maturity of our digital health services and product information networks.
What you will do-
Monitor global regulatory changes and emerging technologies related to Digital Health Cyber Security.
Actively participate in standards working groups and reviews (e.g. AAMI, NH-ISAC, AdvaMed, ISO, etc.).
Act as subject matter expert for Product Security.
Research, select, test, and implement new technologies and tools that will be used to advance security across the company.
Facilitate the creation of Security policies for medical devices, including post-market software management and software bill of materials.
Act as subject matter expert and consult, as necessary, with new product development (NPD) teams as they implement Product Security.
Define and own Managed Technology Blocks that will be available across the company.
Work closely with leadership and teams from all Stryker divisions to implement security controls and cloud service offerings for NPD and sustainment activities.
Coordinate and monitor vulnerability assessments and communications from all Stryker Divisions.
Advise on risk table and mitigation approaches.
Guide software technology and architecture documentation related to Product Security (Software requirements specifications, Software Architecture Diagrams, Risk mitigation traceability).
Follow established quality measures to assess overall success of team and information security program and provide reports to leadership. Recommend changes to established quality measurements as appropriate.
Encourage ongoing skill development by providing opportunities for continued education.
What you need-
Bachelor's Degree in Computer Science, Information Systems, Engineering or related field is required. (An advanced degree is preferred).
10+ years of experience in product cyber security, software design, or embedded software engineering is required.
Direct experience with Microsoft Cloud very strongly preferred.
Strong, demonstrable security architecture experience in Azure, AWS, and hybrid environments.
Knowledge of ISO/IEC, NIST, EU MDR/MDCG standards and requirements.
Knowledge of System and Software Development Processes and Lifecycles for new product development
Experience in the use of Agile software development
Experience in the integration of security enablement in DevOps (DevSecOps)
Experience with risk management methodologies, trending, design control, threat modelling, vulnerability ranking, and product enhancements (bug fixes/patch delivery)
Experience in developing and delivering detailed training and presentations
Demonstrated experience in developing and streamlining key aspects of quality system procedure definition to ensure compliance with applicable regulations
Experience with incident response teams and efforts, including documentation
Demonstrated knowledge of networks and network troubleshooting techniques
Demonstrated knowledge of SW Licensing and configuration management
Demonstrated knowledge of Program/Project Management
Experience in supporting compliance requirements for industry certifications (HIPAA, SOC2 Type 2, and CMMC) is preferred.
CISSP, CSSLP, CCSP or Azure Security Engineer/AWS Certified Security, CEH or LPT or other security-specific certifications are preferred.
This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado.
Stryker is one of the world's leading medical technology companies and, together with our customers, we are driven to make healthcare better. The Company offers a diverse array of innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes. Stryker is active in over 100 countries around the world.
Together with our customers, we are driven to make healthcare better.
At Stryker, quality is first in everything we do. We are driven to make healthcare better for our customers by providing innovative products and services that meet regulatory requirements through our effective quality system.
The Company was founded in 1941 by Dr. Homer Stryker and incorporated in 1946 as the Orthopedic Frame Company. In 1964, the Company’s name was changed to Stryker Corporation.
• $13.6 billion in annual sales in 2018; annual revenue has grown for 39 straight years
• 17.1% CAGR (compound annual growth rate) in sales over 39 years
• ~36,000 employees globally in 2018
• 43 manufacturing and research & development locations worldwide
• Included in the Standard & Poor’s 500 Index
• Ranked # 233 on Fortune Magazine’s “FORTUNE 500” list for 2019
• Ranked # 3 on Fortune Magazine’s “World’s Most Admired Companies” list for the “Medical Equipment” industry for 2019
• Ranked # 11 on Fortune Magazine’s “100 Best Companies to Work For” list (U.S.) for 2019
• Spent $862 million on R&D in 2018
• 7,784 patents owned globally in 2018
• Initial public offering of stock was in 1979
• Listed on the New York Stock Exchange under ticker SYK