Sr Product Security Engineer at Medtronic in Boulder, Colorado

Job Description:

Bring your talents to an industry leader in medical technology and healthcare solutions - we're a market leader and growing every day. You can be proud to part of technologies that are rooted in our long history of mission-driven innovation. You will be empowered to shape your own career. We support your growth with the training, mentorship, and guidance you need to own your future success. Together, we can transform healthcare.

Join us for a career in IT that changes lives.

Careers that Change Lives

A Day in the Life

The Sr. Product Security Engineer works across the R&D organization to ensure compliance with pre and post-market cybersecurity expectations and help deliver secure, robust products to the marketplace. They are responsible for coordinating cybersecurity activities on projects and ensuring that R&D teams have the cybersecurity-focused tools and knowledge needed to do their jobs effectively.

POSITION RESPONSIBILITIES MAY INCLUDE THE FOLLOWING AND OTHER DUTIES MAY BE ASSIGNED:

• Must be willing to work locally from our office in Boulder, Colorado
• Coordinate between the Medtronic Product Security Office and our R&D organization to ensure alignment on security topics and requests
• Accountable for scheduling and executing penetration testing for products in pre and post-market, as well as sharing the feedback with product owners
• Accountable for vulnerability monitoring of products using SBOMs and communicating vulnerabilities to product owners
• Assist product owners and technical leads with triaging vulnerabilities
• Provide guidance to R&D project teams on security controls and assist with security-focused design and code reviews
• Collaborate with project teams to create, review, and maintain threat models, security architecture diagrams, and risk assessments
• Assist with creation of MDS2 forms and answering product security questionnaires from customers
• Evaluate and maintain security tools used by the R&D organization, including SAST and DAST tools
• Capture metrics to measure the organization's security posture
• Respond to product security incidents and work with customers on security-related issues
• Provide security training and documentation to the R&D organization as needed

• Bachelors degree required
• Minimum of 4 years of relevant experience, or advanced degree with a minimum of 2 years relevant experience

Nice to Have

• Ability to work in a team-oriented environment
• Experience working in an agile environment
• Knowledge of cybersecurity standards, including IEC 81001-5-1
• Knowledge of FDA pre and post-market cybersecurity guidance
• Ability to navigate and align with Regulatory, Quality, and other cross functions.
• Superb written and oral communication skills
• Experience working in medical device space
• Experience with vulnerability monitoring software, such as Dependency-Track
• Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
• Experience with penetration testing, SAST, and DAST tools
• A valid cybersecurity certification, such as CISSP, CEH, or Security+

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Learn more about our benefits here .

This position is eligible for a short-term incentive plan. Learn more about Medtronic Incentive Plan (MIP) on page 6 here .

The provided base salary range is used nationally (except in certain CA locations).The rate offered is compliant with federal/local regulations and may vary by experience,certification/education, market conditions, location, etc.
About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let's work together to address universal healthcare needs and improve patients' lives. Help us shape the future.

Physical Job Requirements

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America)