The Product Security Engineer II plays a critical role in ensuring the cybersecurity of medical devices throughout their entire lifecycle. This includes leading vulnerability assessments, driving risk mitigation strategies, and ensuring compliance with global regulatory standards such as FDA and ISO 13485. The role involves close collaboration with R&D and engineering teams to embed security into product design, development, and post-market support. The engineer is responsible for identifying, analyzing, and addressing security threats, while also contributing to the creation of secure architectures and controls. This position supports Medtronic’s mission to deliver safe, reliable, and compliant medical technologies by integrating cybersecurity best practices into Agile development workflows and maintaining robust documentation for audits and regulatory submissions.
Responsibilities
- Lead cybersecurity efforts for medical devices, including incident response, vulnerability assessment, and mitigation strategies.
- Design and implement intrusion detection capabilities at the product level to identify potential threats.
- Collaborate with R&D teams to conduct product risk assessments and recommend appropriate security controls.
- Contribute to the development, implementation, and testing of security requirements and processes for medical products.
- Ensure security documentation meets regulatory standards and supports compliance efforts.
- Evaluate and test security risks throughout the entire product development lifecycle, including post-market devices.
- Engage in Agile development practices to integrate security into continuous development workflows.
- Manage the delivery of security artifacts required for regulatory submissions and ongoing compliance.
Requirements
- Bachelor’s degree in Computer Science, Software Engineering, or a related field, or equivalent practical experience.
- Professional certification such as CISSP or comparable knowledge demonstrated through experience or education in cybersecurity and information assurance.
- Minimum of four years of relevant cybersecurity experience, or two years with an advanced degree.
- Hands-on experience with operating systems including Linux, Windows, Android, or iOS.
- Strong problem-solving abilities and meticulous attention to detail in technical environments.
Nice to Have
- Experience managing security incidents and coordinating response activities.
- Familiarity with log management and analysis tools such as Splunk.
- Programming proficiency in one or more languages including C, C++, Python, Java, .NET, Go, Ruby, Scala, or Bash.
- Knowledge of healthcare or other heavily regulated industries.
- Understanding of national and international regulations related to medical device cybersecurity.
- Familiarity with wireless communication technologies.
- Experience with FDA and ISO design control requirements is advantageous.
Tech Stack
Linux, Windows, Android, iOS, Splunk, C, C++, Python, Java, .NET, Go, Ruby, Scala, Bash
Benefits
- Competitive Salary
- Flexible Benefits Package
- Medtronic Incentive Plan (MIP) - short-term incentive
Compensation
competitive. Includes participation in the Medtronic Incentive Plan (MIP) as a short-term incentive.
Team
Collaborates with product R&D teams and participates in Agile development processes.
- Innovation
- Compassion
- Diversity
- Engineering excellence
- Global impact
- Purpose-driven work
Additional Information
- Regulatory compliance with key standards and guidance documents is required.
- Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity is preferred.
- Position involves participation in Agile ceremonies.
- Experience with FDA and ISO design control requirements is a plus.
- Physical job requirements reflect the general nature and level of work performed but are not exhaustive.
