Work Flexibility: Remote
The Product Security Principal Architect is a valued professional within the Stryker organization. They work with product development team members during the digital systems development processes on effective security controls. Stryker has products that reside on bespoke embedded devices, applications on mobile devices (iOS and Android) or personal computers, along with services deployed in the clouds (Azure, AWS, GCP). This person has the ability to shape the security of Stryker products before release to market and the responsibility to guide teams to build Security by Default, enabling products to be resilient in the marketplace.
This role will help through consistent generation of threat models with risk scoring, identifying the effective security controls during requirements, refined during design, then applied at build and configuration, and provide oversight through verification and validation. Once the product is on market, this team also aids others with the security investigations and response as needed throughout the product life.
What You Will Do:
Technical Responsibilities:
- Collaborate with product teams to assess security risks and drive design decisions for new and evolving products and related systems, ensuring secure by design.
- Guide product development teams in completing threat models towards security as it relates to product risk.
- Assemble Security requirements applicable to the new or evolving product under consideration.
- Work with product teams to remediate issues or vulnerabilities found by security tooling or reports for Stryker's variety of medical device technologies.
- Support product security incident response (PSIRT) teams when needed so they can effectively address (contain or remediate) and then document security incidents.
- Draft internal and external communications summarizing details concerning security concepts used in requirements, design and build phases related to medical products and related systems.
- Provide product security guidance to internal taskforce teams.
Knowledge and Capabilities:
- Understanding of the current revisions from FDA, NIST, ISO, IEC on the related security topics.
- Expertise in applying security control frameworks, threat modeling, and scoring the severity of security threats and vulnerabilities.
- Experience analyzing and supporting enablement of security controls along with designing secure products as part of a broad ecosystem (embedded devices, clouds, mobile devices) in the IoT ecosystems that healthcare providers need and expect to support safety.
- Driven to stay up to date on vulnerabilities and exploits that may affect the Stryker ecosystem across several areas of computing such as cloud, distributed applications, embedded systems or IoT.
What You Will Need:
Basic Qualifications:
- Bachelor's Degree in product security, computer science, mathematics, statistics or related field
- 8 years of applicable (product) security work experience
Preferred Qualifications:
- Master's degree in security-related discipline
- Understands quality management systems in the healthcare, medical device or industries that leverage cyber-physical systems.
- Experience implementing secure technologies in embedded devices, clouds and mobile devices using secure controls including, but not limited to, transport and communication protocols.
- One or more active, industry-recognized and relevant cybersecurity certifications.
- $129k - $286k salary plus bonus eligible benefits. Actual minimum and maximum may vary based on pay is based on skills, experience and other relevant factors.
Travel Percentage: 10
Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability or protected veteran status. Stryker is an EO employer M/F/Veteran/Disability.
Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing or action, including an investigation conducted by the employer, or (c) consistent with the contractor's legal duty to furnish information.
Required Experience:
Staff IC