Senior Product Security Engineer

在Medtronic，您可以开启探索和创新的终身职业生涯，同时帮助倡导人人享有医疗保健的机会和公平性。您将有的放矢地领导，在一个联系更加紧密、更富有同情心的世界中打破创新壁垒。 工作日实录 We value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations. The Cardiac and Vascular Group brings all of our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions. Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic’s medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders. The Senior Product Security Engineer will be responsible for leading and performing product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation. The individual will develop and perform product-level intrusion detection activities and lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system-wide security needs. They will participate in the creation and testing of product security-related requirements and processes, manage security-related deliverables for regulatory bodies, ensuring compliance with key standards/guidance documents, evaluate and test security risks on programs across the entire development lifecycle, including market-released products, and support emerging cybersecurity certification initiatives. Responsibilities may include the following and other duties may be assigned Conduct monitoring of multiple sources of vulnerability and threat intelligence to identify and triage signals pertinent to Medtronic products Create, update, and manage databases of cybersecurity-relevant information on Medtronic products Perform product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation. Lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system wide security needs. Participate in the creation and testing of product security-related requirements and processes. Manage security-related deliverables for regulatory bodies, ensuring compliance with key standards/guidance documents. Evaluate and test security risks on programs across the entire development lifecycle, including market-released products. Support emerging cybersecurity certification initiatives. Maintain and update security documentation. Analyze security posture and conduct vulnerability assessments. Understand national and international laws, regulations, and policies related to regulated medical device cybersecurity, as well as information security practices, risk management processes, cybersecurity principles, and incident response methodologies. Required Knowledge and Experience BTech/ BE in computer science, computer engineering, electrical engineering, or similar discipline. CISSP or similar certification, or sufficient demonstrated experience. Formal education in cybersecurity and information assurance. Minimum of 4 years of experience with 2 years of technical, cybersecurity-related experience. Familiarity with industry practices and terminology concerning cybersecurity vulnerabilities, including Common Vulnerabilities & Exposures (CVE), Coordinated Vulnerability Disclosure (CVD), vulnerability information sources including the National Vulnerability Database (NVD), and Vulnerability Management Programs (e.g. NIST SP 800-40) Familiarity with distinctions between open-source and closed-source software Familiarity with Software Bills of Material (SBOMs), Common Platform Enumeration (CPE), and Package URL (PURL) Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity. Demonstrated understanding of information security practices, risk management processes, cybersecurity principles, and incident response methodologies. Experience in analyzing security posture and conducting vulnerability assessments. 实体岗位要求 上述陈述旨在描述被分配到该职位的员工所从事工作的一般性质和水平，但它们并不是该职位全部必备职责和技能的详尽列表。 福利与薪酬 Medtronic提供具有竞争力的薪酬和灵活的福利待遇 对员工的承诺是我们企业价值观的核心所在。我们将对员工的贡献给予认可和表彰。员工将分享他们助力创造的成功。 我们提供各种福利、资源和有竞争力的薪酬计划，旨在在每个职业和人生阶段为您提供支持。 关于Medtronic 我们引领全球医疗保健技术，通过探索和寻找解决方案，勇敢应对人类面临的最具挑战性的健康问题。 我们的使命是减轻病痛、恢复健康、延长寿命，这一使命让我们团结了一支由90,000多名充满激情的员工组成的全球团队。 我们有着工程师情怀，即将雄心勃勃的想法付诸实践，为实际生活中的人们打造切实可行的解决方案。从研发实验室，到工厂车间，再到会议室，我们每个人都在实验、创造、构建、改进和解决。我们拥有天赋、多元化视角，并且有勇气铸就生命因科技不凡。 在此处详细了解我们的业务、使命以及对多样性的承诺 感谢您访问这个面向最近受到裁员（RIF）影响的 Medtronic 员工的职业网站。我们鼓励您在 Medtronic 探索与您的资格和兴趣相匹配的工作机会。请注意，在本网站上注册时，您需要使用外部电子邮件地址。 对于 Medtronic 的离职员工和寻求新的外部机会的人员，我们诚邀您访问我们的外部招聘网站 MedtronicCareers 寻找工作机会。 我们期待在您的职业生涯中为您提供支持。