Senior Staff Security Engineer

Responsibilities:

• Architect and implement security solutions across public cloud platforms (AWS Azure GCP) to ensure application security identity management and data protection. Enforce best practices for securing onprem as well as cloud services resources and APIs.
• Develop and execute vulnerability management strategies including regular scans (using tools like Qualys Orca Veracode etc.) and the timely remediation of security weaknesses. Generate detailed reports on vulnerabilities provide risk assessments and coordinate with teams for effective resolution.
• Conduct threat modeling exercises for the platform components and applications. Identify potential attack vectors security weaknesses and vulnerabilities early in the design and development process. Implement mitigation strategies and collaborate with teams to address risks proactively.
• Design and implement automation for security processes to enhance scalability security and stability. Leverage tools like Terraform Ansible and CloudFormation to automate the deployment of security controls at scale.
• Integrate security into our CI/CD pipelines to ensure that security testing (e.g. static/dynamic analysis SCA) is automated and runs as part of the deployment process. Embed automated vulnerability scanning policy enforcement and other security practices into the pipeline.
• Work closely with development teams to ensure secure coding practices are followed and that security is embedded throughout the software development lifecycle (SDLC). Provide guidance and handson expertise to help developmement and QA teams.
• Manage and configure SIEM tools like Orca and Wazuh to monitor and detect security threats across our cloud environments. Analyze security events and logs respond to incidents and continuously improve detection and response capabilities.
• Maintain comprehensive documentation of security policies threat models vulnerability management reports incident response plans and best practices.
• Provide regular security reports to stakeholders including metrics and assessments of the security posture.
• Ensure that security measures align with industry compliance standards and regulatory requirements and assist with relevant audits and accreditions (SOC 2 HIPAA FedRAMP).

Competencies:

• Strong knowledge of cloud platform security (AWS Azure GCP) including networking Storage Compute IAM data encryption Identity management Access management AD SSO SAML and securing cloudnative services.
• Experience with security methodologies (e.g. SAST SCA DAST penetration testing) and tools (Veracode Qualys Orca Black Duck)
• Strong understanding of network security protocols (firewalls intrusion detection/prevention systems)
• Experience automating and integrating security workflows using tools such as Terraform Ansible CloudFormation Jenkins or similar.
• Strong handson experience remediating code based vulnerabilities and scripting/automating remediation scripts.
• Experience configuring and using SIEM for security monitoring log analysis and threat detection.
• Strong communication and collaboration skills especially in crossfunctional teams.
• Ability to explain complex security concepts to technical and nontechnical stakeholders.
• Strong analytical and problemsolving skills with the ability to act quickly in highpressure situations.
• Leadership abilities to mentor junior engineers and advocate for security best practices.

Requirements:

• Bachelors degree in computer science Engineering or a related field.
• 6 years of experience in security engineering or a related field with a focus on cloud security vulnerability management and automation.
• 4 years of experience with public cloud platforms (AWS strongly preferred) and securing cloudnative infrastructures.
• Minimum of 3 years of hands on development experience in a common programming language. (Java strongly preferred).
• Flexibility to occasionally work US Pacific Standard Time (PST) hours as needed.

Stryker is a global leader in medical technologies and together with its customers is driven to make healthcare better. The company offers innovative products and services in MedSurg Neurotechnology Orthopedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world Stryker impacts more than 150 million patients annually.