As a Product Security Engineer II for our Energy and Therapeutics (ET) and Remote Patient Monitoring (RPM) solutions at Medtronic, you will play a critical role in safeguarding our medical devices and systems throughout their entire lifecycle. You will execute essential product security activities, from defining and verifying security requirements to conducting risk assessments and developing mitigation plans. This position requires strong technical expertise in software development, testing, and scripting, coupled with a deep understanding of cybersecurity best practices to ensure the reliability and security of our life-changing products.
A Day in the Life
You will champion product security and risk management by:
- Executing product security-related activities throughout the lifecycle of ET solutions, including security requirements definition, flow down, and verification.
- Contributing to security design architecture at both system and implementation levels across products.
- Leading risk management activities to identify areas where development projects must implement specific security controls and recommendations for system-wide security enhancements.
- Conducting risk assessments and developing mitigation plans for market-released products.
- Assisting in the development of security-related abuse cases to proactively identify potential security risks.
- Identifying options for mitigating security-related risks and assisting the Systems Engineering team in evaluating these options.
- Supporting security activities in communications with regulatory bodies, ensuring compliance with relevant standards.
- Contributing to Medtronic's understanding of current industry best practices and how they can be applied to ET Products.
- Applying advanced technical principles, theories, and concepts to improve NS-ET's position in Information and Product Security.
- Working under consultative direction towards long-range goals and objectives, developing advanced technical ideas and guiding their development into final products.
- Leading, coordinating, executing, or assisting activities to sustain/develop organic or inorganic security testing capabilities in alignment with Medtronic's testing strategies.
- Maintaining a high level of technical knowledge on security through continuous learning and research.
- Automating the running of vulnerability scans and the creation of reports.
- Creating and maintaining a database of vulnerabilities by product line, mapping them to CVEs.
- Performing duties in compliance with environmental, health, and safety related site rules, policies, or governmental regulations.
- Championing consistent implementation of the Quality System across all projects.
Must-Have Skills and Experience
- B.E./B.Tech in Computer Science or similar Engineering discipline.
- 5-7 years of software development experience with a B.E./B.Tech. degree.
- OR 5 years of software development experience with an M.E./M.Tech. degree.
- Application software development experience.
- Software test experience.
- Strong expertise in scripting languages such as Python or Unix Shell, and JSON.
- Strong expertise in using Excel and generating reports.
- Cybersecurity Certification like CEH (Certified Ethical Hacker).
Preferred Skills and Qualifications
- Knowledge of programming, preferably in C++.
- Experience with Product Security / Information security.
- Experience with Risk Management and Systems Engineering processes.
- Experience analyzing and documenting requirements.
- Experience in developing threat models for products.
- Strong understanding of product and system security aspects.
- Hands-on experience with penetration testing (pentest) and using security assessment tools at code, system, and network levels.
- Knowledge of secure authentication, authorization, and encryption mechanisms to implement in design and code.
- Knowledge of assessment and vulnerability ranking tools such as NIST and CVSS.
- Knowledge of cybersecurity and data privacy is preferred, but not mandatory.
- Strong oral and written communication skills.