Key skills
Cyber SecurityIoTSDLCRAgileCI/CDPenetration Testing
About this role
Role Overview
- Embed security requirements into the medical device development lifecycle, partnering with R&D and systems teams from architecture through release.
- Perform system-level threat modeling (e.g., STRIDE or similar), attack surface analysis, and vulnerability assessments for connected and embedded medical devices.
- Support and review implementation of device security capabilities such as: Secure boot and root of trust, Secure firmware/software update mechanisms, Device identity and authentication, Secure communications and protocol hardening, Data protection at rest and in transit, Key management and Hardware Security Module (HSM) concepts.
- Apply modern cryptographic principles and support forward-looking strategies including quantum-resistant approaches where applicable.
- Partner with agile development teams to embed security into design reviews, code reviews, CI/CD pipelines, and verification activities.
- Define and support security V&V activities including penetration testing, static/dynamic analysis, fuzz testing, and vulnerability management.
- Ensure alignment with medical device cybersecurity expectations including: FDA premarket cybersecurity guidance, IEC 81001-5-1, ISO 14971, NIST frameworks, Relevant Medtronic quality processes.
- Support coordinated vulnerability disclosure, post-market monitoring, and security issue response for released products.
- Work closely with R&D, systems, software, quality, and regulatory teams to drive secure product development.
- Maintain awareness of evolving threats, healthcare cybersecurity trends, and regulatory expectations for connected medical devices.
Requirements
- Bachelor’s degree in Computer Science , Computer Engineering, Electrical Engineering, or related technical field and 4+ years of experience in: Embedded/device security IoT security Product security engineering OR advanced degree with 2+ years of relevant experience
- Demonstrated hands-on experience securing embedded or connected products (medical device experience strongly preferred).
- Practical experience performing system or device-level threat modeling and risk assessments.
- Strong understanding of: Embedded systems Firmware/software interactions Device communications Hardware-software security boundaries
- Working knowledge of: Modern cryptographic primitives Key management PKI concepts Secure protocol implementation
- Familiarity with medical device cybersecurity expectations and regulated product environments.
- Experience working with agile teams and integrating security into SDLC/ DevSecOps workflows.
- Strong ability to influence cross-functional engineering teams.
Tech Stack
- Cyber Security
- IoT
- SDLC
Benefits
- Health, Dental and vision insurance
- Health Savings Account
- Healthcare Flexible Spending Account
- Life insurance
- Long-term disability leave
- Dependent daycare spending account
- Tuition assistance/reimbursement
- Simple Steps (global well-being program)
- Incentive plans
- 401(k) plan plus employer contribution and match
- Short-term disability
- Paid time off
- Paid holidays
- Employee Stock Purchase Plan
- Employee Assistance Program
- Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
- Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)