Prin Product Security Engineer - Neuro

Medtronic

  • Minneapolis, MN
  • Permanent
  • Full-time
  • 16 days ago
We anticipate the application window for this opening will close on - 19 Sep 2025At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.A Day in the LifeAt Medtronic, we’re driven by our Mission to alleviate pain, restore health, and extend life for millions of people around the world, with our innovative Biomedical devices and solutions. Our people are the foundation of our mission, together with Medtronic mindset, we pursue continuous innovation to breach new frontiers of Biomedical research.As global connectivity increases, the complexity and security challenges associated with protecting devices, infrastructure, patients, and sensitive data also grow. The Principal Product Security Engineer is responsible for designing advanced cybersecurity architectures and effective procedural frameworks to support cyber resilience throughout the product life cycle.The primary responsibilities include overseeing all phases of the cyber security life cycle of medical devices. These include proactive initiates to identify, model, and evaluate cyber security threats, define security measures to mitigate the threats, develop robust implementation strategies and rigorous verification and validation mechanisms. Proactively engage with cross-functional development teams, prepare reports meeting quality and regulatory requirements.Key Responsibilities:In general, the Principal Product Security Engineer is responsible for, but not limited to, the following tasks:
  • Product Security – Implement security requirements across the medical device development lifecycle by collaborating with teams to uphold best practices from design to deployment.
  • Risk Assessment – Conduct threat modeling and vulnerability assessments to identify and mitigate security risks throughout the product lifecycle.
  • Security Architecture - Support the design and deployment of secure medical devices by implementing features like secure boot, communications, data protection, updates, integration, and access controls.
  • Post-Quantum Strategy and Advanced Cryptography: Develop a comprehensive post-Quantum security strategy integrating quantum-resistant cryptographic algorithms—such as lattice-based, hash-based, and multivariate polynomial schemes—along with strong key management and the use of Hardware Security Modules (HSMs) for medical device protection.
  • Use of advanced methods like LLMs, Deep learning to identify cyber security threats, bugs and automate fixing of code
  • Automation and AI for Cyber Security: Adopt advanced AI techniques, including large language models and deep learning to efficiently identify, classify, and remediate cybersecurity vulnerabilities in medical device software and systems
  • Security Standards & Compliance – Ensure the implementation and maintenance of security policies for medical devices in accordance with industry standards and regulations, including NIST, IEC 60601-4-5, and IEC 81001-5-1. Conduct regular assessments and collaborate with development teams to enforce compliance and continuously enhance security practices.
  • Incident Management – Oversee and support efficient security incident response, ensuring quick resolution, mitigation, and stakeholder communication as required.
  • Follow the Trend - Maintain awareness of current cybersecurity trends in medical devices and health software through ongoing professional development. Collaborate to refine product security strategies and implement industry best practices.
  • The successful candidate will have:
  • Previous experience as cyber security engineer for embedded software products in a regulated industry
  • Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.
  • Hands-on experience in cyber security architecture, cloud security, cryptography
  • Experience working in agile software development teams
Minimum Requirements:
  • Bachelor’s degree in Computer Science, or a related field with a minimum of 7+ years of experience in cyber security, embedded systems security, IoT security, IT security, or a related role OR and Advance Degree in Computer Science, or related field with significant academic work on cyber security with a minimum of 5+ years of experience in cyber security, embedded systems security, IoT security, IT security, or a related role
Preferred :
  • Experience with medical devices, or regulated industries
  • Cyber Security expert with all-round skills in proactive and reactive cyber security risk management.
Technical Skills:
  • Strong understanding of cyber security concepts and frameworks (e.g.: NIST, OWASP, MITRE)
  • Familiarity with security standards such as ISO 27001, ISO 14971 or HITRUST
  • Working knowledge of secure software development lifecycle (SDLC) principles, DevSecOps
  • Good understanding of Advanced Cryptography, Hardware Security Module concepts, Secure key generation and management
Soft Skills:
  • Proactive communication skills to identify, present and persuade leadership on cyber security risks
  • Strong problem-solving and analytical skills
  • Ability to collaborate effectively in cross-functional teams
Certifications (Preferred):CompTIA Security+, CISSP, CISM, or similar security certifications.ITIL Certification or other process-oriented qualifications.Physical Job RequirementsThe above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role.Benefits & CompensationMedtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.Salary ranges for U.S (excl. PR) locations (USD):$152,800.00 - $229,200.00This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP).The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location. Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others).The following benefits and additional compensation are available to those regular employees who work 20+ hours per week: Health, Dental and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program).The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico.Further details are available at the link below:About MedtronicWe lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people.
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.Learn more about our business, mission, and our commitment to diversity .It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities.If you are applying to perform work for Medtronic, Inc. (“Medtronic”) in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.

Medtronic