Sr. Product Security Engineer

Medtronic•Newton, MN

21h•Onsite

About The Position

At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We’re working a minimum of 4 days a week onsite as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. Medtronic Cardiac Ablation Solutions (CAS) is seeking a Senior Product Security Engineer to join our R&D organization and help secure cardiac ablation medical device solutions. This role focuses on cybersecurity for medical devices and embedded systems. It is not an IT security, compliance, or GRC-focused position. The ideal candidate will bring strong experience partnering with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, connected devices, and other product security contexts. The selected candidate will support the integration of advanced cybersecurity controls, identify and mitigate vulnerabilities, and contribute to initiatives that improve cyber resilience across the product lifecycle. This person will serve as a technical subject matter expert, mentor others, collaborate across functions, and help drive long-term improvements in product security posture.

Requirements

Bachelor's degree and a minimum of 4 years of relevant experience OR Master’s degree with a minimum of 2 years of relevant experience OR PhD with 0 years relevant experience

Nice To Haves

Experience in embedded device security within a regulated industry.
Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP.
Working knowledge of secure software development lifecycle principles and security-by-design practices.
Experience collaborating with engineering teams to identify and address product security risks.
Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post-market cybersecurity guidance.
Experience supporting FDA and other regulatory cybersecurity submissions.
Experience with connected healthcare systems or cloud-connected medical devices.
Security certifications such as CompTIA Security+, CISSP, or similar.

Responsibilities

Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.
Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.
Support the design and delivery of secure medical devices through implementation of capabilities such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.
Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.
Stay current on cybersecurity trends affecting medical devices and health software, share best practices, and help advance long-term product security strategy.

Benefits

Health, Dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Simple Steps (global well-being program)
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)