Principal Product Security Engineer (REMOTE)

Work Flexibility: Remote

What You Will Do:

 Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry leading cyber secure products for our customers.  We are seeking a highly skilled Secure Product Lifecycle Expert to ensure the security of our medical devices across their entire lifecycle.  This role is critical in embedding robust security practices into our software development lifecycle (SDL), overseeing post-market security management, and integrating product security into our quality management systems (QMS).  The ideal candidate will have experience with embedded systems, a strong understanding of security maturity frameworks such as BSIMM, and familiarity with secure product lifecycle standards like ISO 81001-5-1.

Key Responsibilities:

• Secure Development Lifecycle (SDL): Establish and maintain a robust SDL framework, integrating secure coding, threat modeling, and security testing for embedded systems and IoT devices while ensuring compliance with industry regulations (e.g., FDA, IEC 62304, ISO 81001-5-1).

• Post-Market Security Management: Develop and oversee security monitoring, vulnerability management, and incident response, ensuring timely patches and regulatory compliance while collaborating with external stakeholders.

• Quality Management System (QMS) Integration: Embed security processes into the QMS, support audits, and drive continuous improvements for alignment with security standards such as ISO 81001-5-1.

• Security Maturity & Collaboration: Apply security maturity frameworks (e.g., BSIMM), align with secure product lifecycle standards, and work cross-functionally with R&D, IT, and regulatory teams to prioritize security.

What You Will Need:

Required Qualifications:

• Bachelor's degree in Cybersecurity, Computer Science, or related field with 8+ years of experience, strong expertise in secure development, embedded systems security, and regulatory compliance 8+ years of related experience
• Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK) and standards such as FDA cybersecurity guidance, IEC 62304, ISO 14971, and GDPR.
• Experience with threat modeling, penetration testing, security assessments, and the ability to communicate cybersecurity concepts across technical and non-technical teams.
• Industry certifications (e.g., CISSP, CSSLP, CISM),
• Experience in medical devices or regulated industries with familiarity in risk management processes (e.g., FedRAMP, RMF, ATO).

Preferred Qualifications:

• Experience conducting HIPAA security assessments.
• Familiarity with VA or DHA risk management processes (FedRAMP, RMF, ATO).

• $129k - $286k salary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.