Product Security Engineer II

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the LifeAt Medtronic, we’re driven by our Mission to alleviate pain, restore health, and extend life for millions of people around the world, with our innovative Biomedical devices and solutions. Our people are the foundation of our mission, together with Medtronic mindset, we pursue continuous innovation to breach new frontiers of Biomedical research.
As global connectivity increases, the complexity and security challenges associated with protecting devices, infrastructure, patients, and sensitive data also grow. Product Security Engineer II is responsible for designing security measures to mitigate risks, developing effective procedural frameworks to support cyber resilience throughout the product life cycle.
The primary responsibilities may include all phases of the cyber security life cycle of medical devices. These include proactive initiates to identify, model, and evaluate cyber security threats, define security measures to mitigate the threats, develop robust implementation strategies and rigorous verification and validation mechanisms. Proactively engage with cross-functional development teams, prepare reports meeting quality and regulatory requirements.

Responsibilities may include the following and other duties may be assigned

• Product Security – Implement security requirements across the medical device development lifecycle by collaborating with teams to uphold best practices from design to deployment.
• Risk Assessment – Conduct threat modeling and vulnerability assessments to identify and mitigate security risks throughout the product lifecycle.
• Security Monitoring and Vulnerability Assessment – Continuously monitor relevant security databases (e.g. NVD), open-source reports, trends on social media related to cyber security, and proactively design and assist in risk mitigation plans.
• Incident Management – Oversee and support efficient security incident response, ensuring quick resolution, mitigation, and stakeholder communication as required.
• Automation and AI for Cyber Security: Adopt advanced AI techniques, including large language models and deep learning to efficiently identify, classify, and remediate cybersecurity vulnerabilities in medical device software and systems. The candidate should also demonstrate proficiency in writing Python code to automate security tasks, build custom tooling, and support AI-driven analysis workflows.
• Security Standards & Compliance – Ensure the implementation and maintenance of security policies for medical devices in accordance with industry standards and regulations, including NIST, IEC 60601-4-5, and IEC 81001-5-1. Conduct regular assessments and collaborate with development teams to enforce compliance and continuously enhance security practices.
• Follow the Trend - Maintain awareness of current cybersecurity trends in medical devices and health software through ongoing professional development. Collaborate to refine product security strategies and implement industry’s best practices.
• Experience as cyber security engineer for mobile platforms & embedded software products in a regulated industry
• Experience in cybersecurity, vulnerability assessments, threat modeling, security incident management, and contributing to proactive security strategies.
• Hands-on experience in building custom tools and writing automation scripts to monitor security signals from the web, open databases.

Required Knowledge and Experience

• 4+ years of experience in cyber security, mobile security, web-application security, embedded systems security, IoT security, or a related role
• Advance Degree in Computer Science, or related field with significant academic work on cyber security
• 2+ years of experience in cyber security, mobile security, web-application security, embedded systems security, IoT security, or a related role
• Preferred - Experience with medical devices, or regulated industries
• Strong understanding of cyber security concepts and frameworks (e.g.: NIST, OWASP, MITRE)
• Familiarity with security standards such as IEC 62443, IEC 62304, FDA Pre/Post Market Guidance
• Working knowledge of secure software development lifecycle (SDLC) principles, DevSecOps 
• Hands on with Python to automate tasks, web screening, etc.
• Demonstrating initiative and responsibility to ensure tasks are completed efficiently.
• Demonstrates strong team player qualities and effectively collaborates within cross-functional teams.
• Excellent problem-solving and analytical skills

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. 

Benefits & Compensation

Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create.We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
 

This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP).About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people. 
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.

Learn more about our business, mission, and our commitment to diversity here