Sr Principal Product Security Engineer, Mounds View, MN
USA-MN Mounds View Central, United States
Full Time Senior-level / Expert USD 267K+
Medtronic
Medtronic is a global leader in health-related technologies, services, and solutions. We collaborate widely to address healthcare's greatest challenges. Find out how we do it.
At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.
A Day in the Life
Careers that Change Lives
We value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations.
The Cardiac and Vascular Group brings all of our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions.
Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic’s medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders.
Responsibilities may include the following and other duties may be assigned.
Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities.
Designs and develops security features for products including systems, applications and/or solutions.
Integrates new security features and updates into existing products and ensures the security of all products is maintained throughout the product lifecycle.
Provides product security engineering recommendations and resolves integration and testing issues.
Builds a standardized set of security product requirements and produces metrics to report performance against those requirements.
Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events.
Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues.
Leads or participates in security architecture and design review meetings.
Performs the post-market security activities for medical devices, including vulnerability assessments, threat modeling, and risk analysis.
Develops and implements security strategies and best practices to protect medical device systems from emerging threats.
Collaborates with cross-functional teams, including R&D, Quality, Regulatory, and IT, to ensure security requirements are maintained and improved upon for released systems.
Monitors and analyzes security incidents, vulnerabilities, and threats related to medical devices in the field.
Conducts root cause analysis and develops corrective and preventive actions for security-related issues.
Provides technical guidance and mentorship to junior engineers and other team members.
Prepares and presents security metrics, reports, and recommendations to senior leadership and regulatory bodies.
Participates in external security forums, working groups, and industry conferences to represent the company and share knowledge.
Must Have: Minimum Requirements
To be considered for this role, please ensure the minimum requirements are evident in your applicant profile.
Bachelor's degree required
Minimum of 10 years of relevant experience, or advanced degree with a minimum of 8 years relevant experience
Nice to Have:
Industry-recognized certifications such as [CISSP, CSSLP, CISM, OCSP, SEC+] are highly desirable
Demonstrated experience in staying updated with evolving regulations in the medical device sector.
Strong knowledge of cybersecurity principles, standards, and regulations (e.g., ISO 27001, NIST, FDA cybersecurity guidelines).
Strong knowledge of security protocols and risk management
Experience with vulnerability management and incident response
Proven experience with scripting via Python (or alternate programming language)
Proficiency in security tools and technologies, such as SIEM, IDS/IPS, and vulnerability scanners.
Previous experience in cardiac implantable systems or other high-risk medical devices.
Experience with vulnerability assessment tools, penetration testing, and security incident response.
Excellent problem-solving skills and the ability to think critically and strategically.
Ability to adapt to the fast-evolving cybersecurity landscape and implement proactive strategies.
Demonstrated aptitude in identifying challenges and providing innovative solutions.
Experience in mentoring and leading junior security engineers, fostering growth within the team.
About Medtronic
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.
We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.
Physical Job Requirements
The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America). A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create.
We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. Learn more about our benefits here.
This position is eligible for a short-term incentive plan. Learn more about Medtronic Incentive Plan (MIP) here.
The provided base salary range is used nationally (except in certain CA locations). The rate offered is compliant with federal/local regulations and may vary by experience, certification/education, market conditions, location, etc. Base pay is based on numerous factors and may vary depending on job-related knowledge, skills, and experience.
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.
Benefits & Compensation
Medtronic offers a competitive Salary and flexible Benefits Package
The following benefits and additional compensation are available to those regular employees who work 20+ hours per week: Health, Dental and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program).
The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).
Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico.
Further details are available at the link below:
Medtronic benefits and compensation plans
About Medtronic
We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people.
We are engineers at heart — putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.
Learn more about our business, mission, and our commitment to diversity here.
It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities.
If you are applying to perform work for Medtronic, Inc. (“Medtronic”) in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
Tags: CISM CISSP CSSLP IDS Incident response IPS ISO 27001 IT infrastructure Monitoring NIST Pentesting Product security Python R&D Risk analysis Risk assessment Risk management Scripting Security assessment SIEM Vulnerabilities Vulnerability management
Perks/benefits: 401(k) matching Career development Competitive pay Conferences Equity / stock options Flex hours Flexible spending account Flex vacation Health care Insurance Medical leave Startup environment Team events