Principal Product Security Engineer

About The Position

Requirements

• Bachelor’s Degree
• 7+ years of cybersecurity experience with a bachelor's degree
• 5+ years of cybersecurity experience with a master's degree
• Ability to work in a team-oriented environment
• Experience working in an agile environment
• Knowledge of cybersecurity standards, including IEC 81001-5-1
• Knowledge of FDA pre and post-market cybersecurity guidance
• Ability to navigate and align with Regulatory, Quality, and other cross functions.
• Superb written and oral communication skills
• Experience working in medical device space
• Experience communicating with external stakeholders, such as auditors and customers
• Experience with vulnerability monitoring software, such as Dependency-Track
• Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
• Experience with penetration testing, SAST, and DAST tools

Nice To Haves

• A valid cybersecurity certification, such as CISSP, CSSLP, CISM, CySA+ or Security+
• For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.

Responsibilities

• Act as point person for the AC&M organization on product security, taking accountability for the organization’s security posture
• Answer questions related to product security during internal and external audits
• Maintain the product security Confluence site and organize documentation related to product security
• Establish and lead implementation of roadmap of goals for product security team and organization
• Organize day-to-day activities of the product security team members and lead standups
• Provide mentorship and guidance to junior and senior product security engineers
• Support definition of roles and responsibilities for product security
• Provide guidance to R&D project teams on security controls and assist with security-focused design and code reviews
• Collaborate with the Medtronic Product Security Office and other R&D organizations to ensure alignment
• Collaborate with project teams to create, review, and maintain threat models
• Assist project teams with performing and documenting security risk assessments
• Evaluate project deliverables for compliance with security-related standards and guidance
• Assist with creation of MDS2 forms and answering product security questions from customers
• Assist project teams with executing and reviewing results from SAST and DAST tools
• Capture metrics to measure the organization’s security posture
• Respond to product security incidents and work with customers on security-related issues
• Provide security training and documentation to the R&D organization as needed
• Assist project teams with building and reviewing SBOMs
• Assist project teams with analyzing vulnerabilities identified by penetration testing and SBOM analysis

Benefits

• Medtronic offers a competitive Salary and flexible Benefits Package
• We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
• Health, Dental and vision insurance
• Health Savings Account
• Healthcare Flexible Spending Account
• Life insurance
• Long-term disability leave
• Dependent daycare spending account
• Tuition assistance/reimbursement
• Simple Steps (global well-being program)
• Incentive plans
• 401(k) plan plus employer contribution and match
• Short-term disability
• Paid time off
• Paid holidays
• Employee Stock Purchase Plan
• Employee Assistance Program
• Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
• Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).