Job Details
The Product Security Principal Engineer focused on Vulnerability Management and Incident Response of Stryker Products is a valued professional within the Stryker Product Security organization. They lead efforts to execute and continually improve the effectiveness of the vulnerability management processes for Stryker products and, when the need arises, can take the lead in coordinating incident response activities.
The Principal Engineer will develop strategies and plans to create, sustain, and optimize the various aspects of vulnerability management, including roles, processes, and technologies, for Stryker medical devices and advanced solutions including AI, XR, and IoMT. This role will work with manual and automated solutions to manage software bills of materials, and within other security tools, for continuous vulnerability monitoring and vulnerability resolution processes throughout the product lifecycle.
What You Will Do:
Technical Responsibilities:
- Create and own strategies that prioritize objectives for creating effective vulnerability management processes across the entire lifecycle of medical devices and associated solutions.
- Develop efficient solutions for determining the disposition of vulnerabilities produced through internal assessments and analysis efforts throughout the product lifecycle.
- Guide product development teams in completing overall vulnerability management procedures within a defined security risk management process.
- Work with product teams and product security services teams to develop and optimize the generation, repositories, and version management of software bills of materials (SBOMs) for a variety of medical device technologies.
- Design and implement SBOM configuration management solutions to enable continuous vulnerability management processes.
- Develop and own the policy and process of coordinated vulnerability disclosure.
- During security events or incidents on Stryker products, this individual will be able to take the lead in coordinating incident response with product teams and other members of Product Security.
Knowledge and Capabilities:
- Demonstrated knowledge of various vulnerability management aspects including SBOM management, triggering or supporting vulnerability and security risk assessments, along with software patching leading practices.
- Proficient in identifying security vulnerabilities across several areas of computing such as cloud, distributed applications, embedded systems, or IoT.
- Thorough understanding of the current revisions of NIST, ISO, and other related security frameworks, especially those that apply to vulnerability management.
- Expertise in applying security control frameworks, security risk assessments, and scoring the severity of security threats and vulnerabilities.
- Demonstrated ability to understand and communicate how objectives fit into broader organizational goals, prioritize tasks, and develop timelines and work estimates.
- Experience analyzing and supporting enablement of security controls, along with designing secure products, as part of a broad ecosystem (embedded devices + clouds + mobile devices) in the IoT ecosystems that healthcare providers need and expect to support safety.
What You Will Need:
Basic Qualifications:
- Bachelor's Degree in product security, computer science, mathematics, statistics, or related field
- 8+ years of applicable (product) security work experience
Preferred Qualifications:
- Understands security risk management processes in the healthcare or medical device industry.
- Experience leading CIRT/SIRT teams in a cybersecurity or product security organization.
- Experience working in a SOC/SOM team.
$129k - $286k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.
Stryker is a global leader in medical technologies and, together with its customers, is driven to make healthcare better. The company offers...