Sr Product Security Engineer

Medtronic
Boston, MA
Onsite

About The Position

At Medtronic, the Sr. Product Security Engineer within the Neuroscience organization is responsible for designing advanced cybersecurity architectures and effective procedural frameworks to support cyber resilience throughout the product life cycle of medical devices. This role involves overseeing all phases of the cybersecurity life cycle, including proactive initiatives to identify, model, and evaluate cyber security threats, defining security measures, developing robust implementation strategies, and rigorous verification and validation mechanisms. The engineer will collaborate with cross-functional development teams and ensure reports meet quality and regulatory requirements. The position is based onsite 4 days a week at Medtronic's Minnesota Rice Creek East facility. Medtronic's mission is to alleviate pain, restore health, and extend life for millions globally through innovative biomedical devices and solutions, driven by continuous innovation and a commitment to patient care.

Requirements

  • Bachelor's degree in Computer Science or a related field with 4+ years of experience in cyber security, embedded systems security, IoT security, IT security, or a related role, OR Advanced degree in Computer Science or a related field with significant academic work in cyber security and 3+ years of experience in a related role.
  • Previous experience as a cyber security engineer for cloud security products in a regulated industry.
  • Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.
  • Hands-on experience in cyber security architecture, cloud security, and cryptography.
  • Experience working in agile software development teams.
  • Strong understanding of cyber security concepts and frameworks (e.g. NIST, OWASP).
  • Familiarity with security standards such as ISO 27001, ISO 14971, or HITRUST.
  • Working knowledge of secure software development lifecycle (SDLC) principles and DevSecOps.
  • Strong understanding of advanced cryptography, Hardware Security Module concepts, and secure key generation and management.
  • Proactive communication skills to identify, present, and persuade leadership on cyber security risks.
  • Strong problem-solving and analytical skills.
  • Ability to collaborate effectively in cross-functional teams.
  • For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.
  • Possess unrestricted U.S. work authorization at the time of hire and for the duration of employment (for roles below Principal level).

Nice To Haves

  • Experience with medical devices or regulated industries.
  • CompTIA Security+, CISSP, CISM, or similar security certifications.

Responsibilities

  • Implement security requirements across the medical device development lifecycle by collaborating with teams to uphold best practices from design to deployment.
  • Conduct threat modeling and vulnerability assessments to identify and mitigate security risks throughout the product lifecycle.
  • Support the design and deployment of secure medical devices by implementing features like secure boot, communications, data protection, updates, integration, and access controls.
  • Implement and mature the digital health platform architecture to meet customer expectations and enable development of digital solutions across Neuromodulation and Pain & Hypertension, including PH My Future, Insights Dashboard, Remote Monitoring, Remote Programming, and the DBS BrainSense Portal.
  • Define and execute surveillance strategy across web applications and cloud native platforms.
  • Implement and maintain security policies for medical devices following industry standards like NIST, ISO 27001, and IEC 81001-5-1.
  • Regularly assess compliance and work with development teams to improve security practices.
  • Stay updated on cybersecurity trends in medical devices and health software.
  • Work with others to improve security strategies and apply best practices.

Benefits

  • Competitive Salary
  • Flexible Benefits Package
  • Incentive plans (Medtronic Incentive Plan - MIP)
  • 401(k) plan plus employer contribution and match
  • Short-term disability
  • Paid time off
  • Paid holidays
  • Employee Stock Purchase Plan
  • Employee Assistance Program
  • Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
  • Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)
  • Health, dental, and vision insurance (for regular employees who work 20+ hours per week)
  • Health Savings Account (for regular employees who work 20+ hours per week)
  • Healthcare Flexible Spending Account (for regular employees who work 20+ hours per week)
  • Life insurance (for regular employees who work 20+ hours per week)
  • Long-term disability leave (for regular employees who work 20+ hours per week)
  • Dependent daycare spending account (for regular employees who work 20+ hours per week)
  • Tuition assistance/reimbursement (for regular employees who work 20+ hours per week)
  • Simple Steps (global well-being program) (for regular employees who work 20+ hours per week)
  • Paid sick time (for temporary employees, as required under applicable state law)