Jobs · Information Technology · California

Cloud Product Cybersecurity Engineer

MiniMed · Los Angeles, California, United States · 2 wk ago
Information Technology$136k–$230k/yrFull-time

About the role

We anticipate the application window for this opening will close on 17 Jul 2026. At MiniMed, you can begin a lifelong career of exploration and innovation, while helping make a difference in the lives of people living with diabetes around the globe. You'll lead with purpose, breaking down barriers to innovation for a more connected, compassionate world.

Responsibilities

  • Secure Product Development
    • Embed cybersecurity requirements into the medical device product lifecycle (SDLC)
    • Define and implement secure design principles for cloud-based software as a medical device and non-medical cloud products
    • Conduct secure architecture reviews for new products and product updates
    • Partner with engineering teams to integrate security into DevOps / DevSecOps pipelines
    • Configure and maintain Cloud Monitoring and CNAPP platforms on cloud products
    • Define and enforce secure baseline standards for Amazon Machine Images (AMIs)
    • Ensure all AMIs include hardened OS configurations, EDR agents, logging, and telemetry configurations aligned with SOC monitoring requirements
    • Establish secure container base image standards (minimal OS, distroless, hardened images)
    • Enforce runtime security controls across Kubernetes/ECS environments
  • Threat Modeling & Risk Management
    • Conduct threat modeling exercises for medical device architectures
    • Perform cybersecurity risk assessments aligned with recognized risk management processes
    • Identify attack surfaces including: Mobile or cloud applications, Network integrations
    • Develop mitigation strategies and security control recommendations
    • Coordinate product vulnerability scanning and penetration testing
    • Manage vulnerabilities in accordance with coordinated vulnerability disclosure (CVD) processes
    • Assess vulnerability impact on deployed medical devices
    • Work with engineering teams to develop secure patches and remediation plans
    • Support vulnerability intelligence monitoring (e.g., CVE, NVD, ICS-CERT advisories)
  • Vulnerability Management
    • Coordinate product vulnerability scanning and penetration testing
    • Manage vulnerabilities in accordance with coordinated vulnerability disclosure (CVD) processes
    • Assess vulnerability impact on deployed medical devices
    • Work with engineering teams to develop secure patches and remediation plans
    • Support vulnerability intelligence monitoring (e.g., CVE, NVD, ICS-CERT advisories)
  • Security Testing & Validation
    • Conduct static and dynamic code analysis
    • Support penetration testing and red-team activities
    • Validate device security controls including: authentication mechanisms, encryption implementations, network protections
    • Container build time and runtime scans
    • Ensure security controls are validated during verification and validation (V&V) processes
  • Security Monitoring & Incident Response
    • Support product security monitoring capabilities for connected devices
    • Assist in investigating potential product cybersecurity incidents
    • Participate in post-market surveillance and vulnerability response processes
    • Collaborate with enterprise SOC teams when product threats intersect with corporate infrastructure
  • Cross-Functional Collaboration
    • Work Closely With Product Engineering, Privacy and Compliance Teams, Security Operations, Cloud and Infrastructure Security teams
    • The role ensures enterprise security capabilities are leveraged to protect products, while maintaining separation between enterprise IT security and product security requirements

Requirements

Requires a Bachelors degree and minimum of 7 years of relevant experience, or advanced degree with a minimum of 5 years relevant experience. Preferred Experience: Degree in Computer Science, Cybersecurity, Electrical Engineering, Software Engineering, or related field 7+ years in cybersecurity engineering, application security, or embedded security Experience working with embedded systems or IoT devices Experience with secure software development lifecycle (SSDLC) Secure coding practices (C/C++, Python, Java, or similar) Network security protocols (TLS, VPN, secure communication) Cryptographic implementations Threat modeling methodologies Security testing tools (SAST, DAST, fuzzing) Vulnerability management and remediation Experience with SBOM generation tools Familiarity with healthcare interoperability standards (HL7, FHIR, DICOM)

Qualifications

CISSP, CSSLP, GIAC GICSP, CEH, and/or Certified Medical Device Cybersecurity Professional

Physical Job Requirements

While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer and communicate with peers and co-workers.

Similar jobs