Medtronic plc
Principal Product Security Engineer - Software - CRDN
Medtronic plc, Mounds View, Minnesota, United States
We anticipate the application window for this opening will close on - 17 Oct 2025Bei Medtronic kannst Du eine Karriere für Dein Leben starten. Und Dich für ein gerechtes und innovatives Gesundheitswesen einsetzen, das für alle zugänglich ist. Du wirst zielstrebig Barrieren abbauen, die Innovationen in einer stärker vernetzten und solidarischen Welt im Wege stehen.**Ein Tag im Leben**Principal Software Engineer – Product Security
Careers that Change Lives
Medtronic is a global leader in medical technology, services, and solutions that take on the healthcare industry's greatest challenges. Engineers and Scientists create our market-leading portfolio of innovations. Join the Coronary & Renal Denervation team and help us bring the next generation of life-changing medical technology to patients worldwide. At Medtronic, we push the limits of what technology can do to help alleviate pain, restore health, and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be. Come for a job, stay for a career.
Treatments We Offer:
Renal Denervation
Key Technologies
Symplicity Spyral Renal Denervation (RDN) System
Medtronic’s Coronary and Renal Denervation (CRDN) business is looking for a Principal Product Security Engineer - Software to be part of a high-performing team that is revolutionizing the design and development of energy based therapeutic medical devices to treat hypertension. In this role, you will leverage both your technical breadth and business acumen to support the newly approved therapy medical device software and participate in the design and development of next generation medical devices and software products.
This position is in Mounds View, MN. within the Coronary & Renal Denervation (CRDN) operating unit. At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We are working on-site 4 days per week as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. This role will require less than 10% of travel to enhance collaboration and ensure successful completion of projects.
We believe that when people from different cultures, genders, and points of view come together, innovation is the result —and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive.**A Day in The Life**
The Principal Product Security Engineer - Software is instrumental in ensuring the robust security of our products and solutions. This pivotal role spearheads the integration of state-of-the-art security measures, identifies potential vulnerabilities, and champions initiatives to bolster cyber-resiliency throughout the product's life cycle. An understanding of regulated embedded devices, environments that underpin client-facing medical device solutions, and adherence to product security compliance frameworks is essential.In general, the following responsibilities apply for the Principal **Product Security Engineer – Software** role. This includes, but is not limited to the following:* Product Security - Support and lead integration of security into the product development lifecycle, ensuring that security considerations are incorporated from design to deployment. Assist in implementing security measures across medical devices, OT, ICS, IoT, and enterprise security processes/standards. Work closely with scrum teams to ensure security is a core part of the product design and development process in Agile environment.* Risk Assessment - Conduct threat modeling, security risk evaluations, and vulnerability assessments to identify and mitigate potential security risks throughout the product lifecycle. Work under limited supervision to address security threats and provide recommendations for risk mitigation. Collaborate with cross-functional teams to ensure risks are evaluated and managed in alignment with security best practices and regulatory requirements.* Security Architecture - Contribute to the design and deployment of secure medical device architectures and product designs. Assist in the implementation of key security features such as secure boot, secure communications, data protection, secure updates, secure integration, and access controls. Collaborate with senior engineers to ensure that security architecture aligns with product security requirements and best practices. Provide input on security design decisions and work to ensure effective implementation throughout the product lifecycle.* Security Standards & Testing - Assist in maintaining and implementing security standards, policies, and procedures for medical device systems and product development. Contribute to security testing activities, including vulnerability scanning, penetration testing, and code reviews. Collaborate with scrum teams to ensure adherence to security standards and participate in evaluating testing results to identify and address security vulnerabilities. Provide guidance on testing procedures and contribute to continuous improvement of security practices.* Security Awareness - Contribute to promoting security awareness and assist in delivering training across cross-functional product development teams. Help foster a security-conscious culture by sharing best practices and providing support on security-related topics. Collaborate with engineers to ensure that teams understand the importance of security in product development and work towards embedding security into everyday practices.* Compliance - Ensure compliance with industry standards and regulations related to medical device and health software product security, such as NIST, IEC 60601-4-5, IEC 81001-5-1, and others.* Vendor Assessment - Evaluate third-party vendors and suppliers for their security practices and ensure they meet our security requirements.* Incident Management - Lead and support the effective response to security incidents, ensuring swift resolution, proper mitigation, and clear communication to stakeholders, including customers when needed.* Documentation - Maintain detailed documentation of security best practices, guidance, configurations, design patterns, shared service designs, inventories, incident response plans, security architectures, and reports.* Product Security Strategy & Continuous Learning - Participate in ongoing professional development to stay current with emerging cybersecurity trends and threats related to medical devices and health software products. Contribute to the development and refinement of product security strategies within the Operating Unit (OU), ensuring alignment with established industry best practices and regulatory requirements. Collaborate with senior team members to implement security measures and continuously improve product security processes.**The successful candidate will have:*** Previous experience as security engineer for software products* Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.* Hands-on experience in developing, debugging, and troubleshooting SW issues.* Experience working in agile software development teams**Qualifications**-**MUST HAVE - MINIMUM REQUIREMENTS**:TO BE CONSIDERED FOR THIS ROLE, PLEASE BE SURE THE MINIMUM REQUIREMENTS ARE EVIDENT ON YOUR RESUME* Bachelor’s degree in Computer Engineering, Software Engineering, Computer Science, Electrical Engineering, Biomedical engineering, or technical field.* Minimum of 7 years of technical experience, or advanced degree with 5 years of technical experience**Nice to Have*** Minimum 2 years of embedded device experience in a regulated industry* Security certifications (e.g. GSEC, CISSP, CISA, GCIH, CC)* Bachelor’s degree in related #J-18808-Ljbffr
Careers that Change Lives
Medtronic is a global leader in medical technology, services, and solutions that take on the healthcare industry's greatest challenges. Engineers and Scientists create our market-leading portfolio of innovations. Join the Coronary & Renal Denervation team and help us bring the next generation of life-changing medical technology to patients worldwide. At Medtronic, we push the limits of what technology can do to help alleviate pain, restore health, and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be. Come for a job, stay for a career.
Treatments We Offer:
Renal Denervation
Key Technologies
Symplicity Spyral Renal Denervation (RDN) System
Medtronic’s Coronary and Renal Denervation (CRDN) business is looking for a Principal Product Security Engineer - Software to be part of a high-performing team that is revolutionizing the design and development of energy based therapeutic medical devices to treat hypertension. In this role, you will leverage both your technical breadth and business acumen to support the newly approved therapy medical device software and participate in the design and development of next generation medical devices and software products.
This position is in Mounds View, MN. within the Coronary & Renal Denervation (CRDN) operating unit. At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. In-person exchanges are invaluable to our work. We are working on-site 4 days per week as part of our commitment to fostering a culture of professional growth and cross-functional collaboration as we work together to engineer the extraordinary. This role will require less than 10% of travel to enhance collaboration and ensure successful completion of projects.
We believe that when people from different cultures, genders, and points of view come together, innovation is the result —and everyone wins. Medtronic walks the walk, creating an inclusive culture where you can thrive.**A Day in The Life**
The Principal Product Security Engineer - Software is instrumental in ensuring the robust security of our products and solutions. This pivotal role spearheads the integration of state-of-the-art security measures, identifies potential vulnerabilities, and champions initiatives to bolster cyber-resiliency throughout the product's life cycle. An understanding of regulated embedded devices, environments that underpin client-facing medical device solutions, and adherence to product security compliance frameworks is essential.In general, the following responsibilities apply for the Principal **Product Security Engineer – Software** role. This includes, but is not limited to the following:* Product Security - Support and lead integration of security into the product development lifecycle, ensuring that security considerations are incorporated from design to deployment. Assist in implementing security measures across medical devices, OT, ICS, IoT, and enterprise security processes/standards. Work closely with scrum teams to ensure security is a core part of the product design and development process in Agile environment.* Risk Assessment - Conduct threat modeling, security risk evaluations, and vulnerability assessments to identify and mitigate potential security risks throughout the product lifecycle. Work under limited supervision to address security threats and provide recommendations for risk mitigation. Collaborate with cross-functional teams to ensure risks are evaluated and managed in alignment with security best practices and regulatory requirements.* Security Architecture - Contribute to the design and deployment of secure medical device architectures and product designs. Assist in the implementation of key security features such as secure boot, secure communications, data protection, secure updates, secure integration, and access controls. Collaborate with senior engineers to ensure that security architecture aligns with product security requirements and best practices. Provide input on security design decisions and work to ensure effective implementation throughout the product lifecycle.* Security Standards & Testing - Assist in maintaining and implementing security standards, policies, and procedures for medical device systems and product development. Contribute to security testing activities, including vulnerability scanning, penetration testing, and code reviews. Collaborate with scrum teams to ensure adherence to security standards and participate in evaluating testing results to identify and address security vulnerabilities. Provide guidance on testing procedures and contribute to continuous improvement of security practices.* Security Awareness - Contribute to promoting security awareness and assist in delivering training across cross-functional product development teams. Help foster a security-conscious culture by sharing best practices and providing support on security-related topics. Collaborate with engineers to ensure that teams understand the importance of security in product development and work towards embedding security into everyday practices.* Compliance - Ensure compliance with industry standards and regulations related to medical device and health software product security, such as NIST, IEC 60601-4-5, IEC 81001-5-1, and others.* Vendor Assessment - Evaluate third-party vendors and suppliers for their security practices and ensure they meet our security requirements.* Incident Management - Lead and support the effective response to security incidents, ensuring swift resolution, proper mitigation, and clear communication to stakeholders, including customers when needed.* Documentation - Maintain detailed documentation of security best practices, guidance, configurations, design patterns, shared service designs, inventories, incident response plans, security architectures, and reports.* Product Security Strategy & Continuous Learning - Participate in ongoing professional development to stay current with emerging cybersecurity trends and threats related to medical devices and health software products. Contribute to the development and refinement of product security strategies within the Operating Unit (OU), ensuring alignment with established industry best practices and regulatory requirements. Collaborate with senior team members to implement security measures and continuously improve product security processes.**The successful candidate will have:*** Previous experience as security engineer for software products* Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies.* Hands-on experience in developing, debugging, and troubleshooting SW issues.* Experience working in agile software development teams**Qualifications**-**MUST HAVE - MINIMUM REQUIREMENTS**:TO BE CONSIDERED FOR THIS ROLE, PLEASE BE SURE THE MINIMUM REQUIREMENTS ARE EVIDENT ON YOUR RESUME* Bachelor’s degree in Computer Engineering, Software Engineering, Computer Science, Electrical Engineering, Biomedical engineering, or technical field.* Minimum of 7 years of technical experience, or advanced degree with 5 years of technical experience**Nice to Have*** Minimum 2 years of embedded device experience in a regulated industry* Security certifications (e.g. GSEC, CISSP, CISA, GCIH, CC)* Bachelor’s degree in related #J-18808-Ljbffr