Senior Staff Product Security Engineer (REMOTE)

Minneapolis, MN, United States

We are excited to be named one of the World’s Best Workplaces by Fortune Magazine! We are proud to offer you 12 paid holidays annually, as well other great perks. For an overview of our benefits and time off, please follow this link to learn more: US Stryker employee benefits. (https://d25zu39ynyitwy.cloudfront.net/oms/000000/document/2024/6/SMVZW_USStrykerEmployeebenefits/USStrykerEmployeebenefits.pdf)

Who We Want:

Customer-oriented achievers – Individuals with an unparalleled work ethic and customer focused attitude who bring value to their partnerships.

Self-directed innovators - People who take ownership of their work and need no prompting to drive productivity, change, and outcomes.

Detail-oriented process improvers - Critical thinkers who naturally see opportunities to develop and optimize work processes – finding ways to simplify, standardize and automate.

Collaborative partners - People who build and leverage cross-functional relationships to bring together ideas, information, use cases, and industry analyses to develop best practices.

What You Will Do:

Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry leading cyber secure products for our customers. As a Senior Staff Product Security Engineer , you will be responsible for ensuring the safety, integrity, and resilience of SaaS products developed by the Acute Care business unit at Stryker Medical. You will work with cross-functional stakeholders to identify, evaluate, and mitigate security risks across products. The ideal candidate is excited to advocate for the protection our customers and their patients through creation and implementation of efficient meaningful security processes.

Key Responsibilities:

Apply common risk assessment frameworks (e.g., NIST 800-53, ISO 27001) to assess security risks in relation to business objectives and risk tolerance.

Operate third party compliance programs (e.g., SOC2, HITRUST) through audits, gap assessments, and continuous monitoring.

Guide product teams in interpreting and mapping security requirements to control implementation.

Develop, update, and manage product security policies, procedures, and trainings based on industry security standards.

Identify security policy compliance issues and coordinate remediation with leadership and cross-functional stakeholders.

Monitor, analyze, and report product security metrics to provide visibility and accountability for the effectiveness of security tools and processes.

Assist sales teams in responding to customer queries about product security and organizational controls.

Maintain and operate vulnerability scanning and security monitoring solutions.

Investigate and coordinate response to security incidents and vulnerability reports including analysis of exploitability, remediation planning, and disclosure strategy.

Maintain vendor relationships for third-party security tools and services.

What You Will Need:

Basic Qualifications:

Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or related discipline

Minimum 6 years of related experience

Demonstrated competence with compliance, security, and privacy standards and frameworks (e.g., NIST 800-53, HIPAA, HITECH, GDPR, EU MDCG, SOC2, HITRUST)

Experience leading product security projects.

Solid understanding of security for SaaS applications and cloud-based services (e.g., AWS)

Strong ability to communicate cybersecurity information to engineering, sales, customers, and other non-subject matter experts.

Preferred Qualifications:

Experience conducting HIPAA security assessments.

Experience working in medical device, health care, or other regulated industry.

Professional cybersecurity certifications such as CISSP, CSSLP, CCSP, Security+, HCISSP, CISA, SSCP, and GSEC.

Familiarity with VA or DHA risk management processes (FedRAMP, RMF, ATO).

Understanding of encryption, authentication, authorization, and identity management technologies (e.g., LDAP, OAuth, PKI, FIPS 140-2).

Proficiency with available cybersecurity tools and their usage (e.g., Orca, Tenable, Qualys, CrowdStrike, Veracode, JamF, Okta etc.)

Familiarity with additional secure product lifecycle frameworks such as IEC 81001 5-1, IEC 62443 4-1

$112k - $239ksalary plus bonus eligible + benefits. Actual minimum and maximum may vary based on location. Individual pay is based on skills, experience, and other relevant factors.

Health benefits include: Medical and prescription drug insurance, dental insurance, vision insurance, critical illness insurance, accident insurance, hospital indemnity insurance, personalized healthcare support, wellbeing program and tobacco cessation program. Financial benefits include: Health Savings Account (HSA), Flexible Spending Accounts (FSAs), 401(k) plan, Employee Stock Purchase Plan (ESPP), basic life and AD&D insurance, and short-term disability insurance. Stryker offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 150 million patients annually. Depending on customer requirements employees and new hires in sales and field roles that require access to customer accounts as a function of the job may be required to obtain various vaccinations as an essential function of their role.

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration for employment without regard to race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or protected veteran status. Stryker is an EO employer – M/F/Veteran/Disability.

#J-18808-Ljbffr