Product Security Engineer (Remote) (R454989)
Stryker is driven to work together with our customers to make healthcare better. In order to fulfill our commitment as a federal contractor, while focusing on the health and safety of our employees and those that we serve, COVID-19 vaccines will be required for all Stryker US employees effective January 4, 2022, as well as all new US employees joining our company. Fully vaccinated persons are those who are >=14 days post-completion of the primary series of an FDA-authorized COVID-19 vaccine. If you are applying to a sales and field role which requires access to customer accounts as a function of your job, you may be required, depending on customer requirements, to obtain the COVID-19 vaccination before the January 4 effective date of Stryker's vaccine policy. For more information, please visit our COVID-19 Vaccination Requirements FAQs page.
Why join Stryker?
We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com
Our benefits include bonuses; commissions; healthcare; insurance benefits; retirement programs; stock based plans; paid time off plans; family and parenting leaves; tuition reimbursement; wellness programs; onsite fitness centers and cafeterias; discount purchase programs; and service and performance awards – not to mention various social and recreational activities.
What you will do-
This position works to conduct security assessments on software as a medical device products and solutions. You will help to create, define, and implement security controls and software requirements in collaboration with product development teams and product owners. You will also work with security stakeholders in other organizations to make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives.
The position is responsible for assessing the compliance of application development and platform processes against the Information Security Management System (ISMS) policies and division departmental standards using ISO 27001 and other industry security models as guidance.
In this role, you will have an opportunity to define a high standard for software security for multiple products and technologies that help surgeons provide positive patient outcomes.
Coordinate the implementation of CI/CD security testing and auditing
Coordinate Vulnerability testing with internal teams or consultants
Work with the product teams to perform security design/code reviews and threat modeling
Build threat models and conduct risk assessments for new features and services
Collect evidence of adherence to cyber controls for specific software products and platforms
Med Device Compliance:
Create security user stories and security test cases for products and track them to completion with the development teams
Help respond to security and data privacy breaches by collecting information and researching evidence of unauthorized access to data
Plan and execute security testing, and update testing plans to ensure known vulnerabilities will not resurface
Analyze vulnerabilities, rate their severity, propose, track and review fixes
Provide technical guidance to ensure that product features and services are built with security in mind
Work with other product security leads to standardize best practices and quality levels
What you need-
Bachelor's degree is required (degree in computer science or a related field preferred)
4+ years related experience is required
Understanding of Cloud Services, like AWS, Azure or GCP
Understanding of Docker, Kubernetes and CI/CD pipeline
Hands-on experience with security testing such as SAST, DAST and pen testing
Experience using tools like Kali Linux and Metasploit for penetration testing
Thorough understanding of CVSSv3, CWE, OWASP Top 10, CIS Top 20
Experience researching and reporting on security incidents
Administrative knowledge of operating systems including Linux and Windows
Knowledge of application security vulnerabilities, secure coding, and countermeasures
Experience with secure SDLC, governance and compliance concepts
Thorough understanding of ISO 80001 and its relationship to ISO 14971 in the healthcare or medical device industry
Experience documenting evidence to demonstrate security control compliance
Experience working in an ISO 27001 certified environment
An active cyber security certification such as Certified Ethical Hacker (CEH), CompTIA Security+, or Certified Information Systems Security Professional (CISSP) strongly preferred
** This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado. **
Know someone at Stryker?
Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program at https://careers.stryker.com/referrals/
About Stryker
Stryker is one of the world’s leading medical technology companies and, together with our customers, is driven to make healthcare better. We offer innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes.