Senior Product Security Penetration Testing Engineer

Medtronic•Mounds View, MN

20h

About The Position

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. A Day in the Life Act boldly. Compete to win. Move with speed and decisiveness. Foster belonging. Deliver results…the right way. That’s the Medtronic Mindset — our cultural norms. Our brand is rooted in action, not just words. The Medtronic Mindset defines the expectations of our culture. Every person here plays a role in bringing it to life. We recognize your extraordinary potential to ensure future generations live better, healthier lives. The Medtronic Product Security Office (PSO), within the Enterprise Quality organization, provides corporate-level oversight, services, strategy, and collaboration across the Medtronic Operating Units to safeguard medical devices. The Penetration Testing team within the Product Security Office is responsible for providing attacker-like testing, product assessments, and other feedback on the security of devices for Medtronic’s products to the distributed Operating Units across the organization. The Senior Product Security Penetration Testing Engineer will execute complex testing to identify vulnerabilities in Medtronic products and assist with the identification of mitigation strategies. This testing will occur throughout a product’s lifecycle for new product development and market-released products. This person will report to Enterprise Quality, members of this team will consult with product development and support organizations, scope assessments, conduct testing, summarize results, and report findings; all with a high degree of quality, autonomy, and speed.

Requirements

Requires a Bachelors degree and minimum of 4 years of relevant experience OR Master's degree with a minimum of 2 years relevant experience OR PhD with 0 years relevant experience.

Nice To Haves

Experience in product and embedded security, including assessment and penetration testing of regulated or safety‑critical devices, preferably in the medical device industry
Relevant penetration testing and information security certifications (e.g., OSCP/CEH, CISSP/Security+)
Hands‑on experience with hardware and software penetration testing, reverse engineering (Ghidra, IDA, Binary Ninja), and use of LLMs to assist firmware and application analysis
Strong background in embedded systems and architectures, including Embedded Linux, RTOS, bare‑metal systems, SoC/SoM hardware, ARM ISA, and serial/USB communication protocols
Engineering or development experience across embedded hardware/firmware and application platforms (mobile, web, desktop)
Knowledge of secure product development lifecycles, risk management methodologies, security frameworks, global regulations, and work within formal quality systems
Strong research skills with the ability to evaluate emerging technologies and adapt proactively to change
Creative, innovative, and independent self‑starter comfortable working in ambiguous environments
Excellent written, verbal, and interpersonal communication skills with a collaborative work style and experience facilitating working sessions
Willingness to support global partners with occasional after‑hours availability and travel up to 20%
For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.

Responsibilities

Scope, conduct, and report results of embedded product security penetration tests to key stakeholders
Contribute ideas to the team to help design test scenarios and improve penetration testing processes related to embedded security
Coach junior members on the team and review testing results to ensure accuracy and completeness
Rate the severity of vulnerabilities that are identified through testing
Stay up to date on current security knowledge
Employ a variety of test methods to perform comprehensive vulnerability assessment and penetration testing of products
Identify and leverage appropriate tools and techniques to accomplish testing
Coordinate with product development engineers to ensure understanding of findings
Document, communicate, and summarize the results of testing to relevant stakeholders, including formal test reports
Maintain awareness of existing and emerging security research and leverage that knowledge during internal testing activities (an “attacker-like” approach to testing)
Analyze, triage and recreate vulnerabilities submitted to Medtronic by 3rd party security researchers
Understand current regulations and utilize that knowledge to inform internal testing activities
Show creativity and innovation in all aspects of your responsibilities
Operate with a high level of independence
Contribute to Product Security Office Fiscal Year Initiatives and strategic plans
Support ad hoc Product Security Office campaigns and initiatives

Benefits

Medtronic offers a competitive Salary and flexible Benefits Package
We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
Health, Dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Simple Steps (global well-being program)
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)
Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan.