Senior Product Security Engineer
IND-TS Hyderabad Nanakramguda, India
Medtronic
Medtronic is a global leader in health-related technologies, services and solutions. We collaborate widely to address healthcare's greatest challenges. Find out how we do it.
At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.
A Day in the Life
We value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations.
The Cardiac and Vascular Group brings all of our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions.
Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic’s medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders.
Job Summary:
We are seeking a highly skilled and experienced Senior Mobile Application Security Engineer to lead the security efforts for our mobile platforms (iOS and Android). You will be responsible for identifying vulnerabilities, implementing security best practices, and working closely with development teams to ensure secure mobile application design and deployment.
Responsibilities may also include the following and other duties may be assigned.
- Conduct security assessments and code reviews of mobile applications (iOS and Android).
- Perform in-depth security assessments of mobile applications using static and dynamic analysis tools.
- Perform threat modeling and risk assessments for mobile app features and architecture.
- Integrate security tools and processes into the CI/CD pipeline for mobile development.
- Deep understanding of OWASP Mobile Top 10 and mobile attack vectors.
- Collaborate with developers to remediate vulnerabilities and implement secure coding practices.
- Lead penetration testing efforts and coordinate with third-party security vendors.
- Expert knowledge of iOS and Android security architectures and frameworks.
- Proficiency in mobile security testing tools (OWASP ZAP, Burp Suite, MobSF, etc.).
- Strong understanding of mobile app reverse engineering and binary analysis.
- Monitor and respond to mobile security incidents and vulnerabilities (e.g., OWASP MASVS, CVEs).
- Stay updated on the latest mobile security threats, tools, and trends.
- Develop and maintain mobile security policies, standards, and guidelines.
- Mentor junior security engineers and provide technical leadership.
- Participate in incident response activities for mobile security events.
- Lead or participate in security architecture and design review meetings.
Must Have: Minimum Requirements
- An undergraduate (bachelors) or graduate degree in computer science, computer engineering, electrical engineering, or similar discipline.
- Experience in vulnerability assessment of embedded devices, especially medical devices, and in threat modelling and risk scoring.
- Formal education in cybersecurity and information assurance.
- Minimum 7 years of experience and 4 years of technical, cybersecurity-related experience.
- Experience in analyzing security posture and vulnerability assessment.
- Experience in penetration testing and fuzz testing of web, enterprise cloud and desktop solutions (black box, gray box and white box testing).
- Demonstrated understanding of information security practices, risk management processes, cybersecurity principles, and incident response methodologies.
Nice to Have:
- Proficiency in mobile development languages (Swift, Objective-C, Java, Kotlin)
- Security Certifications (i.e. CEH, CISA, CISM, Security+, GSEC, OSCP, etc.)
- Familiarity with embedded environments, vulnerability scanning tools, and common attack routes.
- Strong technical and troubleshooting skills.
- Capability to research and evaluate emerging technologies.
- Innovative thinker with the ability to think outside of the current norms and processes.
- Demonstrated ability to be flexible.
- Excellent written and verbal communication skills.
- Demonstrated ability to develop and grow productive, trusting, and open relationships with a wide variety of constituencies.
- Demonstrated leadership and teamwork skills.
- Demonstrated ability to communicate complexity in a clear manner.
- Demonstrated experience interfacing with customers and other external stakeholders regarding cybersecurity system design and behavior.
- Demonstrated strong analytical and critical thinking skills.
About Medtronic
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health, and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.
We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let us work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.
Physical Job Requirements
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.
The physical demands described within the Day in the Life section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions.
Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.
We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people.
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.
Learn more about our business, mission, and our commitment to diversity here