Principal Product Security Engineer

At Medtronic you can begin a life-long career of exploration and innovation while helping champion healthcare access and equity for all You ll lead with purpose breaking down barriers to innovation in a more connected compassionate world A Day in the Life We value what makes you unique Be a part of a company that thinks differently to solve problems make progress and deliver meaningful innovations The Cardiac and Vascular Group brings all our cardiac and vascular businesses together into one cross-functional collaborative operating unit to employ the full breadth of our talent technologies products services and solutions to address the needs of customers and patients across the globe Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms as well as cardiac monitoring solutions Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating deploying and monitoring cybersecurity and information security solutions for Medtronic s medical devices and supporting IT infrastructure Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems Work directly with R D teams to ensure all relevant security risks are identified and evaluated and appropriate and well-balanced solutions are implemented Develop project security management deliverables for regulatory bodies to comply with standards guidance documents and successfully communicate cybersecurity technology to customers regulatory bodies and other stakeholders Responsibilities may include the following and other duties may be assigned Lead and perform product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation Develop and perform product-level intrusion detection activities Lead product risk assessments in conjunction with product R D teams and develop and recommend specific security controls for product system wide security needs Participate in the creation and testing of product security-related requirements and processes Manage security-related deliverables for regulatory bodies ensuring compliance with key standards guidance documents Evaluate and test security risks on programs across the entire development lifecycle including market-released products Support emerging cybersecurity certification initiatives Maintain and update security documentation Create and maintain threat models using STRIDE Required Knowledge and Experience An undergraduate bachelors or graduate degree in computer science computer engineering electrical engineering or similar discipline CISSP or similar certification or sufficient demonstrated experience Experience in embedded devices vulnerability assessment especially medical devices and Threat Modelling and risk scoring Formal education in cybersecurity and information assurance Minimum 12-year experience 4 years of technical cybersecurity-related experience Experience in analyzing security posture and vulnerability assessment experience in penetration testing fuzz testing of Web enterprise cloud and Desktop solutions Black box gray box and Whitebox testing Experience in static code analysis for security vulnerability Software Product Development experience Programming skills in one or more of the following C C Python Java NET Go Ruby and or Scala Understanding of national and international laws regulations and policies related to regulated medical device cybersecurity Demonstrated understanding of information security practices risk management processes cybersecurity principles and incident response methodologies Experience as an analyst engineer developer or architect with core cybersecurity responsibility and knowledge in two or more areas Experience in leading application architecture reviews and threat assessments Cloud systems architecture and security Enterprise and local network infrastructure security Experience in code reviews and or penetration testing Large-scale application architecture and security Mobile device application architecture and security Risk assessments and cybersecurity regulatory requirements Experience in static and dynamic code analysis tools and methodologies Medical devices and systems security experience Security incident management experience Log event management and searching experience Splunk Sentinel or similar In-depth OS systems-level experience within one or more of the following Linux Windows Android iOS Demonstrated understanding of networking ports protocols firewalls load balancers and IPS Expertise in Agile and can work with at least one of the common frameworks Experience in Healthcare industry or other heavily regulated industry Understanding of national and international laws regulations and policies related to regulated medical device cybersecurity Experience with container technologies such as Docker Kubernetes Mesos or Open Container Initiative OCI Demonstrated ability to develop and grow productive trusting and open relationships with a wide variety of constituencies Demonstrated leadership and teamwork skills Demonstrated ability to communicate complexity in a clear manner Demonstrated experience interfacing with customers and other external stakeholders regarding cybersecurity system design and behavior Demonstrated strong analytical problem-solving skills Physical Job Requirements The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position but they are not an exhaustive list of all the required responsibilities and skills of this position Benefits Compensation Medtronic offers a competitive Salary and flexible Benefits Package A commitment to our employees lives at the core of our values We recognize their contributions They share in the success they help to create We offer a wide range of benefits resources and competitive compensation plans designed to support you at every career and life stage About Medtronic We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions Our Mission to alleviate pain restore health and extend life unites a global team of 95 000 passionate people We are engineers at heart putting ambitious ideas to work to generate real solutions for real people From the R D lab to the factory floor to the conference room every one of us experiments creates builds improves and solves We have the talent diverse perspectives and guts to engineer the extraordinary Learn more about our business mission and our commitment to diversity