Principal Product Security Engineer

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You'll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the LifeWe value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations.
The Cardiac and Vascular Group brings all our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions. Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic's medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders.

Responsibilities may include the following and other duties may be assigned

• Scope, conduct, and report results of product security penetration tests to key stakeholders.
• Contribute ideas to the team to help design test scenarios and improve penetration testing processes.
• Coach junior members on the team and review testing results to ensure accuracy and completeness.
• Rate the severity of vulnerabilities that are identified through testing
• Stay up to date on current security knowledge.
• Perform hardware penetration testing and side-channel analysis (e.g., fault injection, power analysis, glitching).
• Employ a variety of test methods to perform comprehensive vulnerability assessment and penetration testing of products.
• Identify and leverage appropriate tools and techniques to accomplish testing.
• Coordinate with product development engineers to ensure understanding of findings.
• Document, communicate, and summarize the results of testing to relevant stakeholders, including formal test reports.

Required Knowledge and Experience

• An undergraduate (bachelors) or graduate degree in computer science, computer engineering, electrical engineering, or similar discipline.  
• Minimum 10 -year experience & 5 years of technical, cybersecurity-related experience
• Experience in Product Security testing, direct experience in penetration testing - Nice to have.
• Penetration Testing Certifications (e.g. CEH, OSCP, OSWA, GPEN, GMOB, Pentest+, etc.)- Nice to have.
• Identify and exploit hardware vulnerabilities including debug port access (JTAG/SWD/UART), firmware extraction, and key leakage- Nice to have.
• Conduct chip-level and board-level assessments to ensure physical tamper resistance and secure boot implementation- Nice to have.
• Analyze PCB layouts, schematics, and hardware interfaces to identify potential attack vectors- Nice to have.
• Validate security of cryptographic modules, secure elements, and TPM/TEE implementations- Nice to have.
• Conduct end-to-end IoT device assessments, including cloud, mobile app, and network layers- Nice to have.
• Evaluate firmware and protocol security (MQTT, CoAP, BLE, Zigbee, Z-Wave, Wi-Fi, LTE, etc.)- Nice to have.
• Perform static and dynamic analysis of firmware to detect vulnerabilities- Nice to have.
• Assess OTA update mechanisms, secure communication (TLS, DTLS, MQTT over SSL), and key management- Nice to have.
• Use industry-standard frameworks such as OWASP IoT Top 10 and IEC 62443 for testing and reporting- Nice to have.

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. 

Benefits & Compensation

Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create.  We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
 

This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP).About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people. 
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.

Learn more about our business, mission, and our commitment to diversity here  
 

---