Senior Product Security Engineer

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. A Day in the Life In this critical role you will act as Senior Product Security Engineer, reporting to the Senior Engineering Director within the Product Security Office (PSO) in Corporate Quality. This role is a member of the PSIRT (Product Security Incident Response Team) which is responsible for monitoring, assessing impact, and coordinating Medtronic’s response to security vulnerabilities that could impact our medical device products. This team owns the Coordinated Vulnerability Disclosure Program. We believe that when people from different cultures, genders, and points of view come together, innovation is the result —and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive. Our unwavering commitment to inclusion, diversity, and equity (ID&E) means zero barriers to opportunity within Medtronic and a culture where all employees belong, are respected, and feel valued for who they are and the life experiences they contribute. We know equity starts beyond our workplace, and we must play a role in addressing systemic inequities in our communications if we hope to have long-term sustainable impact. Anchored in our Mission, we continue to drive ID&E forward both to enhance the well-being of Medtronic employees and to accelerate innovation that brings our lifesaving technologies to more people in more places around the world. At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We’re working a minimum of 4 days a week onsite as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. This position supports the PSIRT processes including vulnerability vigilance, signal monitoring, and incident response, and assists with managing the coordinated disclosure work at Medtronic. This role will collaborate with a diverse set of stakeholders to intake and assess vulnerabilities and/or incidents, determine their relevance to MDT products, and disposition the communication of these vulnerabilities, to key stakeholders. Familiarity of embedded systems, security environments, authoritative sources of vulnerability data, security scanning tools, and common attack vectors is important. Key objectives include: Support ongoing assessment of product security related “signals” pertaining to potential vulnerabilities and/or incidents regarding Medtronic connected products. Provide both planned and on-demand support for vulnerability assessments for Medtronic businesses in support of regulatory activities. Readiness for meeting forthcoming cybersecurity reporting requirements in CY 2026 from US Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) and EU Cyber Resilience Act. Support identification, documentation, and assessment of technology, tools, and associated processes in use by the PSO. Assist in developing an appropriate architecture framework in alignment with the key strategic pillars of Security by Design and Vulnerability Vigilance. Participate in conducting an industry assessment for appropriate tooling/solution selection if necessary. Implement proposed framework to improve PSO visibility, reporting, metrics, and overall maturity in the PSO strategy Support enterprise quality program for SBOMs (“Software Bill of Materials”) with adherence to industry defined standards such as CycloneDX, SPDX (“Software Package Data Exchange”), VEX (“Vulnerability Exploitability eXchange”), and the evolving needs of the SBOM program. Enable creation of high-quality SBOMs and dissemination of best practices for SBOM generation in support of need for both internal teams inside Medtronic and outside partners such as HDOs, regulators, and customers. Apply technical understanding of vulnerability management, security controls/threat modeling, penetration testing/DAST (“Dynamic Application Security Testing”). Partner with internal product teams to support implementation of mature DevSecOps practices, and drive improvements to existing product development processes (verification, validation, release).