Staff Product Security Engineer

Why engineering at Stryker?

At Stryker we are dedicated to improving lives, with a passion for researching and developing new medical device products. As an engineer at Stryker, you will be proud of the work that you will be doing, using cutting-edge technologies to make healthcare better. Here, you will work in a supportive culture with other incredibly talented and intelligent people, creating industry-leading medical technology products. You will also have growth opportunities as we have a culture that supports your personal and professional development.

Need another reason to apply? Check out these 8 reasons to join Stryker's engineering team: https://www.strykercareersblog.com/post/8-reasons-to-join-strykers-engineering-team

Who we want:

Dedicated achievers. People who thrive in a fast-paced environment and will stop at nothing to ensure a project is complete and meets regulations and expectations.

Curious learners. People who seek out cutting-edge research and information to expand and enhance their ability to be ready for what's next.

Self-directed initiators. People who take ownership of their work and need no prompting to drive productivity, change, and outcome

and will stop at nothing to ensure a project is complete and meets regulations and expectations

Inspires others. A genuine, relationship-focused leader who connects, collaborates and fosters an inclusive environment of enthusiasm, trust and pride. He/she makes others want to follow, building momentum for action and positively influencing outcomes.

Champions talent development. A manager who focuses on maximizing the ability, potential and contributions of themselves and others. Fosters an environment where people can excel through developing, coaching and rewarding performance.

What you will do:

The candidate must have a great inclination towards conducting deep rooted research on Embedded/IoT systems/devices in order to uncover the vulnerabilities and methods that can be used to compromise device security. He/She should have proven credentials in different phases for compromising device security:-

• Initial Reconnaissance (Understand product's internal as well as communication mechanism)
• Attack Surface Identification - Physical, Wireless, Wired & Web
• Threat Modelling (Identification of Actors and Entity Boundary)
• Protocol Endpoints - Read/Understand Protocol Specification, Gather Sample Protocol Implementations & Protocol Simulators, Testing with the Simulators and ability to write Scripts to Interact with The device
• Firmware Vulnerability Analysis - Firmware Extraction and Analysing Firmware, Vulnerability Analysis, Manual Reversing of Binaries, Understand Firmware Update Process
• Hardware Vulnerability Analysis - Identify and analyse Hardware Debug ports, Memory extraction and analysis, Malicious data injection
• Manage all facets of Vulnerability Assessment and Penetration testing involving embedded devices.
• Perform attacks and identify vulnerabilities on interfaces like USB, WiFi. Ethernet etc.
• Expertise/Familiarity with Hardware & Radio Security Testing:-
• Data extraction from external flash memory, UART Debug port testing, JTAG Debug port testing, Hardcoded Sensitive information in firmware, sensor manipulation, Bluetooth testing, Zigbee testing, Wi-Fi testing, MQTT testing, Radio testing etc.

What you need:

Minimum Qualifications (Required):

• Bachelor's in Software/Electronics Engineering or equivalent degree.
• 8+ years of hands-on experience in Vulnerability and Penetration Testing using tools like Kali, Nessus, Burpsuite, Qualys etc.
• Excellent communication and interpersonal skills.

Preferred Qualifications (Strongly desired):
Technical Skills:

• Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python.
• Understanding of Cloud based environments like Azure and AWS.
• At least one professional certification like ECSA Practical/CPENT/LPT/OSCP/OSWE/OSCE or similar involving practical exams.
• Must be flexible, independent and self-motivated.
• Ability to conceptualize, eager to learn and detail orientation.
• Good to have: Prior work experience in medical devices.

About Stryker
Stryker is a global leader in medical technologies and, together with its customers, is driven to make healthcare better. The company offers innovative products and services in MedSurg, Neurotechnology, Orthopaedics and Spine that help improve patient and healthcare outcomes. Alongside its customers around the world, Stryker impacts more than 130 million patients annually. More information is available at stryker.com.