At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You'll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.
A Day in the Life
The Product Security Engineer position will provide Product Security support and leadership within the Neuro Mod-Pain Therapy products and solutions. Specifically, the candidate will support and drive the integration of Information Security in the Neuro Mod-Pain Therapy programs, to ensure that patient safety and information security are never compromised. The candidate will work cross-functionally with the R&D teams to ensure that:
- Neuro Mod-Pain Therapy solutions are architected and designed for the highest level of security,
- Relevant security risks are identified and evaluated
- Engineering decisions are made to support security.
- Solutions released comply to the latest regulatory or standard requirements
The candidate will execute the development and testing of security requirements, security processes & procedures and project / product security artifacts as part of the Product Security Engineering team. The candidate will be responsible to develop, maintain and review project security management deliverables for regulatory bodies to comply with standards/guidance documents, and communicate with regulatory bodies as required by the program.
The candidate will be part of a cross-functional team of security experts within the Medtronic organization to create, improve and implement security design/ testing best practices and will be the interface with the Medtronic security council.
Responsibilities may include the following and other duties may be assigned
- The Product Security Engineer is responsible for providing leadership in the development of secured products used in the medical field. Specific tasks include:
- Execute product security-related activities throughout the lifecycle of Neuro Mod-Pain Therapy solutions. This includes but not limited to:
- Security requirements definition, flow down and verification, security design architecture at system and implementation through products,
- Risk management activities to identify areas where a development project must implement specific security controls and recommendations for system-wide security enhancements, risk assessment and mitigation plans for market released products.
- Assist in the development of security-related abuse cases to identify security risks.
- Identify options for mitigating security-related risks and assist the Systems Engineering team in evaluating these options.
- Support security activities in communications with regulatory bodies.
- Contribute to Medtronic's understanding of current industry best practices and how they can be applied to Neuro Mod-Pain Therapy Products.
- Applies advanced technical principles, theories and concepts. Support across the Neuro Mod-Pain Therapy organization the development of processes, best practices leading to improve Neuro Mod-Pain Therapy OU's position as it relates to Information and Product security.
- Works under consultative direction toward long range goals and objectives.
- Develops advanced technical ideas and guides their development into final product.
- Lead / Coordinate / Execute/ Assist activities to sustain/ develop organic or inorganic security testing capabilities in alignment with Medtronic testing strategies.
- Maintains a high level of technical knowledge on security.
- Automating the running of the vulnerability scans, the report creation,
- Creating, managing/maintaining a database of vulnerabilities by product line mapping to CVE
- Performs duties in compliance with environmental, health and safety related site rules, policies or governmental regulations.
- Champion consistent implementation of the Quality System across projects
Required Knowledge And Experience
- Knowledge of programming preferably in C++
- Experience with Product Security / information security
- Experience with Risk Management and Systems Engineering processes.
- Experience analyzing and documenting requirements
- Experience in developing threat model for products
- Strong understanding of product and system security aspects
- Hands on experience on pentest and using security assessment tools at code, system and network-level
- Knowledge on secure authentication, authentication and encryption mechanisms to implement in design and code
- Knowledge of assessment and vulnerability ranking tools such as NIST and CVSS Knowledge of cybersecurity and data privacy is preferred, but not mandatory
- Well-versed in at least one of the programming languages like Java, PHP, Python, Ruby, and Perl
- Possess knowledge of AWS, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency management
- Strong oral and written communication skills.
- Ability to work in a team environment.
Physical Job Requirements
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.
Benefits & Compensation
Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
About Medtronic
We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission to alleviate pain, restore health, and extend life unites a global team of 90,000+ passionate people.
We are engineers at heart putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.
Learn more about our business, mission, and our commitment to diversity here
