Posted On: 09-May-2023 | Last Date to Apply: 30-Jun-2023 | No. of Vacancies: 1
Company Profile:
Stryker is one of the world’s leading medical technology companies and, together with our customers, we are driven to make healthcare better. We offer innovative products and services in Medical and Surgical, Neurotechnology, Orthopaedics and Spine that help improve patient and hospital outcomes.
Job description:
What you will do
Act as subject matter expert on the secure lifecycle for a digital product ecosystem.
Understand the overall technical capabilities of a product and its typical deployment scenarios.
Partner with product teams to perform threat modeling and drive the associated security requirements.
Help product teams to prioritize roadmap items to balance security and business risks.
Work closely with product teams in assessing the risks, mitigations and preparing responses to external organizations.
Perform manual and automated security code review for complex Desktop, Web and Mobile applications to identify security flaws.
Leverage DevSecOps to embed security testing (SAST, DAST and IAST) into all phases of the SDLC to eliminate repeated steps and drive efficiency.
Formulate security testing needs.
Support R&D in implementing security risk controls and addressing findings from internal/external audits.
Define the post-market monitoring plan, including pen tests.
Support post-market vulnerability assessments.
What you need
Bachelor’s in Software/Electronics Engineering or equivalent degree.
Overall 9+ years of hands-on experience involving software and hardware platforms.
7+ years of experience in the field of security involving Thick Client, Web and Mobile applications.
Experience in testing interfaces like USB, WiFi, Ethernet, Bluetooth, etc. is a plus.
Experience working with software development teams
Experience with NIST frameworks, such as using NIST SP 800-53 controls.
Experience in automation of routine tasks using tools like Jenkins and/or scripting languages such as PowerShell, Ruby or Python.
Experience in web application security testing tools like Nessus, Metasploit, Burp Suite, sqlmap, OWASP ZAP Proxy, HP Fortify.
Knowledge of CWE, OWASP Top 10 and WASC Threat Classification 2.0 methodologies.
Integrating tools like Synopsys Black Duck, Sonatype Nexus IQ, etc. for Software Composition Analysis.
Professional certification such as CEH, SSCP, CompTIA CySA+/Security+, OSCP.
Excellent communication and interpersonal skills.
Deep technical understanding of common security vulnerabilities and risks, as well as countermeasures and compensating controls