Sr. Product Security Engineer
Medtronic · Mounds View, MN · 6 days ago
On-siteInformation Technology$132k–$198k/yrFull-time
About the role
The Senior Product Security Engineer will play a crucial role in securing cardiac ablation medical device solutions. This role requires strong experience in integrating cybersecurity into real-time systems, embedded firmware, and connected devices.
Responsibilities
- Implement security requirements across the medical device development lifecycle by partnering with cross-functional teams and applying best practices from design through deployment.
- Conduct threat modeling and vulnerability assessments to identify, prioritize, and help mitigate security risks throughout the product lifecycle.
- Support the design and delivery of secure medical devices through implementation of capabilities such as secure boot, secure communications, data protection, software update mechanisms, system integration protections, and access controls.
- Apply medical device cybersecurity standards and guidance, including NIST, OWASP, and IEC 81001-5-1, and partner with development teams to strengthen security practices.
- Stay current on cybersecurity trends affecting medical devices and health software, share best practices, and help advance long-term product security strategy.
Requirements
- Bachelor's degree and a minimum of 4 years of relevant experience OR Master’s degree with a minimum of 2 years of relevant experience OR PhD with 0 years relevant experience
- Experience in embedded device security within a regulated industry
- Strong understanding of cybersecurity concepts and frameworks such as NIST and OWASP
- Working knowledge of secure software development lifecycle principles and security-by-design practices
- Experience collaborating with engineering teams to identify and address product security risks
- Familiarity with medical device cybersecurity standards and guidance, including IEC 81001-5-1, ISO 14971, and FDA premarket and post-market cybersecurity guidance
- Experience supporting FDA and other regulatory cybersecurity submissions
- Experience with connected healthcare systems or cloud-connected medical devices
- Security certifications such as CompTIA Security+, CISSP, or similar