Principal Product Security Engineer

Medtronic, Lafayette, CO
Onsite

About The Position

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

The Principal Product Security Engineer acts as the product security lead for the AC&M R&D organization to ensure compliance with pre- and post-market cybersecurity expectations, help deliver secure, robust products to the marketplace, and keep them secure through their entire lifecycle. They are responsible for leading cybersecurity activities on projects and ensuring that R&D teams have the cybersecurity-focused tools and knowledge needed to do their jobs effectively.

Requirements

  • Must be willing to work locally from our office in Lafayette, Colorado (On-Site 4 days/week)
  • EDUCATION REQUIRED: Bachelor’s Degree
  • YEARS OF EXPERIENCE: 7+ years of cybersecurity experience with a bachelor's degree, or 5+ years of cybersecurity experience with a master's degree
  • SPECIALIZED SKILLS OR EXPERIENCE:
  • Ability to work in a team-oriented environment
  • Experience working in an agile environment
  • Knowledge of cybersecurity standards, including IEC 81001-5-1
  • Knowledge of FDA pre- and post-market cybersecurity guidance
  • Ability to navigate and align with Regulatory, Quality, and other cross-functional teams
  • Superb written and oral communication skills
  • Experience working in medical device space
  • Experience communicating with external stakeholders, such as auditors and customers
  • Experience with vulnerability monitoring software, such as Dependency-Track
  • Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
  • Experience with penetration testing, SAST, and DAST tools

Nice To Haves

  • A valid cybersecurity certification, such as CISSP, CSSLP, CISM, CySA+ or Security+

Responsibilities

  • Act as point person for the AC&M organization on product security, taking accountability for the organization’s security posture
  • Answer questions related to product security during internal and external audits
  • Maintain the product security Confluence site and organize documentation related to product security
  • Establish and lead implementation of roadmap of goals for product security team and organization
  • Organize day-to-day activities of the product security team members and lead standups
  • Provide mentorship and guidance to junior and senior product security engineers
  • Support definition of roles and responsibilities for product security
  • Provide guidance to R&D project teams on security controls and assist with security-focused design and code reviews
  • Collaborate with the Medtronic Product Security Office and other R&D organizations to ensure alignment
  • Collaborate with project teams to create, review, and maintain threat models
  • Assist project teams with creating security architecture diagrams
  • Assist project teams with performing and documenting security risk assessments
  • Evaluate project deliverables for compliance with security-related standards and guidance
  • Assist with creation of MDS2 forms and answering product security questions from customers
  • Assist project teams with executing and reviewing results from SAST and DAST tools
  • Capture metrics to measure the organization’s security posture
  • Respond to product security incidents and work with customers on security-related issues
  • Provide security training and documentation to the R&D organization as needed
  • Assist project teams with building and reviewing SBOMs
  • Assist project teams with analyzing vulnerabilities identified by penetration testing and SBOM analysis

Benefits

  • Medtronic offers a competitive Salary and flexible Benefits Package
  • We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
  • Health, dental, and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program).
  • Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).