
Job Details


Product Security Engineer (Remote)

Law Enforcement and Security

Diplomatic Security

No

Knoxville, Tennessee, United States

COVID-19 vaccination requirements

Stryker is driven to work together with our customers to make healthcare better. In order to fulfill our commitment as a federal contractor, while focusing on the health and safety of our employees and those that we serve, COVID-19 vaccines will be required for all Stryker US employees effective January 4, 2022, as well as all new US employees joining our company. Fully vaccinated persons are those who are >=14 days post-completion of the primary series of an FDA-authorized COVID-19 vaccine. If you are applying to a sales and field role which requires access to customer accounts as a function of your job, you may be required, depending on customer requirements, to obtain the COVID-19 vaccination before the January 4 effective date of Stryker's vaccine policy. For more information, please visit our COVID-19 Vaccination Requirements FAQs page.

Why join Stryker?

We are proud to be named one of the World’s Best Workplaces and a Best Workplace for Diversity by Fortune Magazine! Learn more about our award-winning organization by visiting stryker.com

Our benefits include bonuses; commissions; healthcare; insurance benefits; retirement programs; stock based plans; paid time off plans; family and parenting leaves; tuition reimbursement; wellness programs; onsite fitness centers and cafeterias; discount purchase programs; and service and performance awards – not to mention various social and recreational activities.


What you will do-

This position works to conduct security assessments on software as a medical device products and solutions. You will help to create, define, and implement security controls and software requirements in collaboration with product development teams and product owners. You will also work with security stakeholders in other organizations to make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives.

The position is responsible for assessing the compliance of application development and platform processes against the Information Security Management System (ISMS) policies and division departmental standards using ISO 27001 and other industry security models as guidance.

In this role, you will have an opportunity to define a high standard for software security for multiple products and technologies that help surgeons provide positive patient outcomes.

Technical Responsibilities:

  • Coordinate the implementation of CI/CD security testing and auditing

  • Coordinate vulnerability testing with internal teams or consultants

Business Responsibilities:

  • Work with the product teams to perform security design/code reviews and threat modeling

  • Build threat models and conduct risk assessments for new features and services

  • Collect evidence of adherence to cyber controls for specific software products and platforms

Med Device Compliance:

  • Create security user stories and security test cases for products and track them to completion with the development teams

  • Help respond to security and data privacy breaches by collecting information and researching evidence of unauthorized access to data

General Responsibilities:

  • Plan and execute security testing, and update testing plans to ensure known vulnerabilities will not resurface

  • Analyze vulnerabilities, rate their severity, propose, track and review fixes

  • Provide technical guidance to ensure that product features and services are built with security in mind

  • Work with other product security leads to standardize best practices and quality levels

What you need-

Minimum Qualifications:

  • Bachelor's degree is required (Degree in computer science or related preferred)

  • 4+ years related experience is required

Preferred Qualifications:

  • Understanding of Cloud Services, like AWS, Azure or GCP

  • Understanding of Docker, Kubernetes and CI/CD pipeline

  • Hands-on experience with security testing such as SAST, DAST and pen testing

  • Experience using tools like Kali Linux and Metasploit for penetration testing

  • Thorough understanding of CVSSv3, CWE, OWASP Top 10, CIS Top 20

  • Experience researching and reporting on security incidents

  • Experience programming in one or more of the following: Java, C/C++, C#, Python, JavaScript

  • Administrative knowledge of operating systems including Linux and Windows

  • Knowledge of application security vulnerabilities, secure coding, and countermeasures

  • Experience with secure SDLC, governance and compliance concepts

  • Thorough understanding of ISO 80001 and its relationship to ISO 14971 in the healthcare or medical device industry

  • Experience documenting evidence to demonstrate security control compliance

  • Experience working in an ISO 27001 certified environment

  • An active cyber security certification such as Certified Ethical Hacker (CEH), CompTIA Security+, or Certified Information Systems Security Professional (CISSP) strongly preferred

** This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado. **

#DREengineering


Know someone at Stryker?

Be sure to have them submit you as a referral prior to applying for this position. Learn more about our employee referral program at https://careers.stryker.com/referrals/

About Stryker

Stryker is one of the world’s leading medical technology companies and, together with our customers, is driven to make healthcare better. We offer innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes.
