Principal Product Security Engineer (REMOTE)

Work Flexibility: Remote

Product Security is driven to make healthcare better by ensuring that Stryker designs, develops, and maintains industry-leading cyber secure products for our customers. We are seeking a highly skilled Secure Product Lifecycle Expert to ensure the security of our medical devices across their entire lifecycle. This role is critical in embedding robust security practices into our software development lifecycle (SDL), overseeing post-market security management, and integrating product security into our quality management systems (QMS). The ideal candidate will have experience with embedded systems, a strong understanding of security maturity frameworks such as BSIMM, and familiarity with secure product lifecycle standards like ISO 81001-5-1.

1. Secure Development Lifecycle (SDL): Establish and maintain a robust SDL framework, integrating secure coding, threat modeling, and security testing for embedded systems and IoT devices while ensuring compliance with industry regulations (e.g., FDA, IEC 62304, ISO 81001-5-1).
2. Post-Market Security Management: Develop and oversee security monitoring, vulnerability management, and incident response, ensuring timely patches and regulatory compliance while collaborating with external stakeholders.
3. Quality Management System (QMS) Integration: Embed security processes into the QMS, support audits, and drive continuous improvements for alignment with security standards such as ISO 81001-5-1.
4. Security Maturity & Collaboration: Apply security maturity frameworks (e.g., BSIMM), align with secure product lifecycle standards, and work cross-functionally with R&D, IT, and regulatory teams to prioritize security.

• Bachelor's degree in Cybersecurity, Computer Science, or related field with 8+ years of experience, strong expertise in secure development, embedded systems security, and regulatory compliance.

• Proficiency in security frameworks (e.g., NIST, OWASP, MITRE ATT&CK) and standards such as FDA cybersecurity guidance, IEC 62304, ISO 14971, and GDPR.

• Experience with threat modeling, penetration testing, security assessments, and the ability to communicate cybersecurity concepts across technical and non-technical teams.

• Industry certifications (e.g., CISSP, CSSLP, CISM).

• Experience in medical devices or regulated industries with familiarity in risk management processes (e.g., FedRAMP, RMF, ATO).

• Experience conducting HIPAA security assessments.

• Familiarity with VA or DHA risk management processes (FedRAMP, RMF, ATO).

Salary range: $129,600 - $286,500, plus bonus eligibility and benefits. Actual salary may vary based on location, skills, and experience. Individual pay is determined accordingly.

Travel Percentage: 10%

Stryker Corporation is an equal opportunity employer. Qualified applicants will receive consideration regardless of race, ethnicity, color, religion, sex, gender identity, sexual orientation, national origin, disability, or veteran status. Stryker prohibits discrimination and maintains a respectful workplace environment.