This position conducts security assessments of software-as-a-medical-device products and solutions. You will help to create, define, and implement security controls and software requirements in collaboration with product development teams and product owners. You will also work with security stakeholders in other organizations to make decisions and help lead initiatives to ensure timely delivery of security solutions that support business objectives.
The position is responsible for assessing the compliance of application development and platform processes against the Information Security Management System (ISMS) policies and division departmental standards using ISO 27001 and other industry security models as guidance.
In this role, you will have an opportunity to define a high standard for software security for multiple products and technologies that help surgeons provide positive patient outcomes.
Coordinate the implementation of CI/CD security testing and auditing
Coordinate vulnerability testing with internal teams or consultants
Work with the product teams to perform security design/code reviews and threat modeling
Build threat models and conduct risk assessments for new features and services
Collect evidence of adherence to cyber controls for specific software products and platforms
Med Device Compliance:
Create security user stories and security test cases for products and track them to completion with the development teams
Help respond to security and data privacy breaches by collecting information and researching evidence of unauthorized access to data
Plan and execute security testing, and update testing plans to ensure known vulnerabilities will not resurface
Analyze vulnerabilities, rate their severity, and propose, track and review fixes
Provide technical guidance to ensure that product features and services are built with security in mind
Work with other product security leads to standardize best practices and quality levels
What you need:
Bachelor's degree is required (Degree in computer science or related preferred)
4+ years related experience is required
Understanding of Cloud Services, like AWS, Azure or GCP
Understanding of Docker, Kubernetes and CI/CD pipelines
Hands-on experience with security testing such as SAST, DAST and pen testing
Experience using tools like Kali Linux and Metasploit for penetration testing
Thorough understanding of CVSSv3, CWE, OWASP Top 10, CIS Top 20
Experience researching and reporting on security incidents
Administrative knowledge of operating systems including Linux and Windows
Knowledge of application security vulnerabilities, secure coding, and countermeasures
Experience with secure SDLC, governance and compliance concepts
Thorough understanding of ISO 80001 and its relationship to ISO 14971 in the healthcare or medical device industry
Experience documenting evidence to demonstrate security control compliance
Experience working in an ISO 27001 certified environment
An active cyber security certification such as Certified Ethical Hacker (CEH), CompTIA Security+, or Certified Information Systems Security Professional (CISSP) strongly preferred
** This job may be performed remotely from anywhere in the United States, except that this job may not be filled or performed in Colorado. **
Stryker is one of the world's leading medical technology companies and, together with our customers, we are driven to make healthcare better. The Company offers a diverse array of innovative products and services in Orthopaedics, Medical and Surgical, and Neurotechnology and Spine that help improve patient and hospital outcomes. Stryker is active in over 100 countries around the world.
At Stryker, quality is first in everything we do. We are driven to make healthcare better for our customers by providing innovative products and services that meet regulatory requirements through our effective quality system.
The Company was founded in 1941 by Dr. Homer Stryker and incorporated in 1946 as the Orthopedic Frame Company. In 1964, the Company’s name was changed to Stryker Corporation.
• $13.6 billion in annual sales in 2018; annual revenue has grown for 39 straight years
• 17.1% CAGR (compound annual growth rate) in sales over 39 years
• ~36,000 employees globally in 2018
• 43 manufacturing and research & development locations worldwide
• Included in the Standard & Poor’s 500 Index
• Ranked # 233 on Fortune Magazine’s “FORTUNE 500” list for 2019
• Ranked # 3 on Fortune Magazine’s “World’s Most Admired Companies” list for the “Medical Equipment” industry for 2019
• Ranked # 11 on Fortune Magazine’s “100 Best Companies to Work For” list (U.S.) for 2019
• Spent $862 million on R&D in 2018
• 7,784 patents owned globally in 2018
• Initial public offering of stock was in 1979
• Listed on the New York Stock Exchange under ticker SYK