Sr Product Security Engineer - Neuro

Medtronic•Minneapolis, MN

12d

About The Position

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. A Day in the Life At Medtronic, we’re driven by our Mission to alleviate pain, restore health, and extend life for millions of people around the world, with our innovative Biomedical devices and solutions. Our people are the foundation of our mission, together with Medtronic mindset, we pursue continuous innovation to breach new frontiers of Biomedical research As the world is getting more connected, complexity and security challenges increase many folds to protect the devices, the patients and sensitive data. The Sr. Product Security Engineer will be acting at this frontline of these emerging challenges to proactively find actionable and measurable cyber security solutions while ensuring uninterrupted functionality and patient safety. The primary responsibilities include overseeing all phases of cyber security life cycle of medical devices. These include proactive initiates to identify, model, and evaluate cyber security threats, define security measures to mitigate the threats, develop robust implementation strategies and rigorous verification and validation mechanisms. Proactively engage with cross-functional development teams, prepare reports meeting quality and regulatory requirements. The ideal candidate has strong technical understanding of cyber security frameworks, architectures for connected systems. Experiences in medical devices, FDA guideline and international standards (e.g. NIST, ISO/IEC 27001, MITRE security framework, etc.) is highly desired

Requirements

Previous experience as cyber security engineer for embedded software products in a regulated industry
Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.
Hands-on experience in cyber security architecture, cloud security, cryptography
Experience working in agile software development teams
Bachelor’s degree in Computer Science, or a related field  with a minimum of 4+ years of experience in cyber security, embedded systems security, IoT security, IT security, or a related role
Advance Degree in Computer Science, or related field with significant academic work on cyber security with a minimum of 2+ years of experience in cyber security, embedded systems security, IoT security, IT security, or a related role
Strong understanding of cyber security concepts and frameworks (e.g.: NIST, OWASP, MITRE)
Familiarity with security standards such as ISO 27001, ISO 14971 or HITRUST
Working knowledge of secure software development lifecycle (SDLC) principles, DevSecOps
Good understanding of Advanced Cryptography, Hardware Security Module concepts, Secure key generation and management
Proactive communication skills to identify, present and persuade leadership on cyber security risks
Strong problem-solving and analytical skills
Ability to collaborate effectively in cross-functional teams

Nice To Haves

Experience with medical devices, or regulated industries
Cyber Security expert with all-round skills in proactive and reactive cyber security risk management.
CompTIA Security+, CISSP, CISM, or similar security certifications.
ITIL Certification or other process-oriented qualifications.

Responsibilities

Product Security – Implement security requirements across the medical device development lifecycle by collaborating with teams to uphold best practices from design to deployment.
Risk Assessment – Conduct threat modeling and vulnerability assessments to identify and mitigate security risks throughout the product lifecycle.
Security Architecture - Support the design and deployment of secure medical devices by implementing features like secure boot, communications, data protection, updates, integration, and access controls.
Post-Quantum Strategy and Advanced Cryptography: Develop a comprehensive post-Quantum security strategy integrating quantum-resistant cryptographic algorithms—such as lattice-based, hash-based, and multivariate polynomial schemes—along with strong key management and the use of Hardware Security Modules (HSMs) for medical device protection.
Use of advanced methods like LLMs, Deep learning to identify cyber security threats, bugs and automate fixing of code
Automation and AI for Cyber Security: Adopt advanced AI techniques, including large language models and deep learning to efficiently identify, classify, and remediate cybersecurity vulnerabilities in medical device software and systems
Security Standards & Compliance – Ensure the implementation and maintenance of security policies for medical devices in accordance with industry standards and regulations, including NIST, IEC 60601-4-5, and IEC 81001-5-1. Conduct regular assessments and collaborate with development teams to enforce compliance and continuously enhance security practices.
Incident Management – Oversee and support efficient security incident response, ensuring quick resolution, mitigation, and stakeholder communication as required.
Follow the Trend - Maintain awareness of current cybersecurity trends in medical devices and health software through ongoing professional development. Collaborate to refine product security strategies and implement industry best practices.

Benefits

Medtronic offers a competitive Salary and flexible Benefits Package
We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
Health, Dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Simple Steps (global well-being program)
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)