Principal Product Security Engineer (REMOTE)

Work Flexibility: Remote

What You Will Do:

 Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry leading cyber secure products for our customers.  We are seeking a highly skilled Secure Product Lifecycle Expert to ensure the security of our medical devices across their entire lifecycle.  This role is critical in embedding robust security practices into our software development lifecycle (SDL), overseeing post-market security management, and integrating product security into our quality management systems (QMS).  The ideal candidate will have experience with embedded systems, a strong understanding of security maturity frameworks such as BSIMM, and familiarity with secure product lifecycle standards like ISO 81001-5-1.

Key Responsibilities:

• Secure Development Lifecycle (SDL): Establish and maintain a robust SDL framework, integrating secure coding, threat modeling, and security testing for embedded systems and IoT devices while ensuring compliance with industry regulations (e.g., FDA, IEC 62304, ISO 81001-5-1).

• Post-Market Security Management: Develop and oversee security monitoring, vulnerability management, and incident response, ensuring timely patches and regulatory compliance while collaborating with external stakeholders.

• Quality Management System (QMS) Integration: Embed security processes into the QMS, support audits, and drive continuous improvements for alignment with security standards such as ISO 81001-5-1.

• Security Maturity & Collaboration: Apply security maturity frameworks (e.g., BSIMM), align with secure product lifecycle standards, and work cross-functionally with R&D, IT, and regulatory teams to prioritize security.

What You Will Need:

Required Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, or related field with 8+ years of experience, strong expertise in secure development, embedded systems security, and regulatory compliance 8+ years of related experience
• Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK) and standards such as FDA cybersecurity guidance, IEC 62304, ISO 14971, and GDPR.
• Experience with threat modeling, penetration testing, security assessments, and the ability to communicate cybersecurity concepts across technical and non-technical teams.
• Industry certifications (e.g., CISSP, CSSLP, CISM),
• Experience in medical devices or regulated industries with familiarity in risk management processes (e.g., FedRAMP, RMF, ATO).

Preferred Qualifications:

• Experience conducting HIPAA security assessments.
• Familiarity with VA or DHA risk management processes (FedRAMP, RMF, ATO).

 

• $129k - $286k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

Travel Percentage: 10%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability.

Stryker Corporation will not discharge or in any other manner discriminate against employees or applicants because they have inquired about, discussed, or disclosed their own pay or the pay of another employee or applicant. However, employees who have access to the compensation information of other employees or applicants as a part of their essential job functions cannot disclose the pay of other employees or applicants to individuals who do not otherwise have access to compensation information, unless the disclosure is (a) in response to a formal complaint or charge, (b) in furtherance of an investigation, proceeding, hearing, or action, including an investigation conducted by the employer, or (c) consistent with the contractor’s legal duty to furnish information.