Principal Product Security Engineer

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the LifeAs a Principal Product Security Engineer at Medtronic, you will play a pivotal role in safeguarding our medical devices and healthcare solutions. You will be a key member of the Product Security responsible for ensuring the security and privacy of our products. Your expertise will guide us in delivering safe and secure healthcare solutions that meet the highest standards.

Responsibilities may include the following and other duties may be assigned

• Lead Security Initiatives: Take the helm in driving security initiatives for our connected enterprise products, embedded systems, and applications.
• Penetration Testing: Execute penetration testing using manual techniques and security tools such as Burp Suite and Metasploit.
• Guidelines Compliance: Collaborate with product teams to ensure adherence to harmonized penetration testing guidelines for all products.
• KPI Reporting: Generate and report Key Performance Indicators (KPIs) related to penetration testing results at enterprise, Operating Unit (OU), and product levels.
• Lab Collaboration: Work closely with lab support and tools support teams to optimize security practices.
• Tool Management: Install and configure penetration testing tools when required to enhance security.
• Reporting and Knowledge Sharing: Proactively create, share, and review reports as part of penetration testing activities. Identify and propose new penetration testing methodologies.
• Security Testing: Utilize tools like Achilles and other security assessment methodologies to identify vulnerabilities in our products. Conduct penetration testing and vulnerability scanning to assess software, hardware, and network interfaces.
• Risk Assessment: Collaborate with cross-functional teams to prioritize security testing efforts based on the potential risks associated with vulnerabilities and their impact on our products and customers.
• Compliance: Ensure that our products adhere to relevant security standards and regulations in our industry. Stay up-to-date with evolving compliance requirements and work towards compliance certifications.
• Secure Development Lifecycle: Promote a culture of security within the organization by integrating security into the product development lifecycle. Conduct code reviews and work closely with developers to ensure secure coding practices.
• Secure Configuration: Oversee the configuration of our products, ensuring that default settings are changed, unnecessary services are disabled, and security patches and updates are applied promptly.
• Access Control: Implement and manage access control mechanisms to restrict unauthorized access to sensitive resources and functions within our products.
• Data Encryption: Ensure that data is encrypted both in transit and at rest to protect it from unauthorized access or interception.
• Authentication and Authorization: Implement and maintain strong authentication and authorization mechanisms, including multi-factor authentication (MFA) where necessary.
• Logging and Monitoring: Establish robust logging and monitoring systems to detect and respond to security incidents in real-time. Implement intrusion detection systems and analyze logs for anomalies.
• Incident Response: Develop and maintain an incident response plan, including procedures for responding to security breaches or the discovery of vulnerabilities.
• User Education: Provide training and guidance to users and customers on secure product usage, password management, and the reporting of security issues.
• Third-party Assessment: Conduct security assessments of third-party components or services used in our products to ensure they meet our security standards.
• Continuous Improvement: Stay updated on emerging security threats and vulnerabilities. Regularly update and patch our products to address new security challenges.
• External Audits: Collaborate with external security experts for independent security assessments and audits of our products.

Required Knowledge and Experience

• Education: BE/ BTech in Computer Science or a related field, or equivalent demonstrated experience and knowledge.
• Total 10 Years technical experience working with cybersecurity architecture, product security engineering or a related role.
• Teamwork: Demonstrated skill working as part of a team, collaborating, and supporting peers in a fast-paced environment.
• Project Management: Project management experience for full security system lifecycles and security tool upgrades, including business case development.
• Motivation: Self-motivated with the drive to solve challenging problems and motivate others to higher levels of performance and engagement.
• Continuous Learning: A strong desire and aptitude for continuous learning and staying updated on new and emerging technologies.
• Proficiency in security testing tools.
• Strong knowledge of security best practices, standards, and regulations in Medical Devices
• Hands-on experience with secure coding practices and code reviews.
• Familiarity with encryption, authentication, access control, and incident response.
• Excellent communication skills and the ability to collaborate with cross-functional teams.
• Security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is a plus.

Physical Job Requirements
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. 

Benefits & Compensation

Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create.We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
 

About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 90,000+ passionate people. 
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.

Learn more about our business, mission, and our commitment to diversity here