Principal Information Security Engineer
Gravie
AWSCloud
Senior Product Security Engineer
Medtronic
full-time
Posted on:
Location Type: Hybrid
Location: Lafayette • Colorado, Connecticut, Massachusetts, Minnesota • 🇺🇸 United States
Visit company websiteSalary
💰 $125,600 - $188,400 per year
Job Level
Senior
Tech Stack
CloudCyber SecuritySDLC
About the role
- Stay abreast of emerging cybersecurity threats, technologies, and regulations specific to medical devices and health software.
- Contribute to OU and enterprise-wide product security strategy and roadmap development.
- Drive security integration into all stages of the product lifecycle, from concept and design to postmarket.
- Work closely with system architects, software leads, and hardware engineers to embed secure design patterns in both embedded and cloud-connected environments.
- Lead or contribute to threat modeling sessions, conduct security risk assessments, and identify mitigation strategies in accordance with IEC 81001-5-1, ISO 14971, and FDA premarket cybersecurity guidance.
- Collaborate on the design and implementation of secure architectures, focusing on secure boot, secure communications, data protection, access control, secure software updates, and hardware-software integration.
- Support and interpret results from vulnerability scans, penetration tests, and static/dynamic code analysis.
- Coordinate with internal teams and third-party vendors to ensure timely and appropriate risk mitigation.
- Promote a culture of security awareness within R&D and provide support to more junior engineers.
- Ensure alignment with applicable standards (e.g., NIST, IEC 60601-4-5, IEC 81001-5-1) and support security documentation efforts for global regulatory submissions.
- Review and assess the cybersecurity posture of third-party suppliers and open-source software components used within product designs.
- Support technical investigation and resolution of postmarket security incidents or field issues.
- Maintain comprehensive security documentation, including threat model diagrams, risk assessments, shared service inventories, design patterns, security guidelines, and product security plans/reports.
Requirements
- Bachelor's degree and 4 years of relevant experience, or a Master’s degree with 2 years of relevant experience
- Bachelor’s degree in a relevant engineering field of study (e.g., Computer Engineering, Software Engineering, or related discipline), completed and verified prior to start
- Minimum 4 years of relevant experience, or 2 years with an advanced degree
- Minimum 1 year of experience integrating security into embedded systems or connected medical devices in a regulated product development environment
- Working knowledge of secure development lifecycle (SDLC), secure boot, cryptography, secure firmware update, secure communication, and hardware/software interface security
- Master’s degree in a relevant engineering or cybersecurity field
- Industry-recognized certifications (e.g., CISSP, CSSLP, CISM, CEH)
- Experience supporting or mentoring junior security engineers
- Demonstrated ability to implement secure architecture in embedded and connected device ecosystems
- Familiarity with FDA and MDR cybersecurity submission requirements
- Knowledge of secure coding practices and common vulnerabilities (e.g., OWASP, CWE, CVSS)
- Experience participating in cross-functional design reviews or formal design assurance processes
- Working knowledge of secure boot chains, cryptographic controls, and device authentication protocols
Benefits
- Health, Dental and vision insurance
- Health Savings Account
- Healthcare Flexible Spending Account
- Life insurance
- Long-term disability leave
- Dependent daycare spending account
- Tuition assistance/reimbursement
- Simple Steps (global well-being program)
- Incentive plans
- 401(k) plan plus employer contribution and match
- Short-term disability
- Paid time off
- Paid holidays
- Employee Stock Purchase Plan
- Employee Assistance Program
- Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
- Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
cybersecuritysecure development lifecycle (SDLC)secure bootcryptographysecure firmware updatesecure communicationhardware/software interface securitythreat modelingrisk assessmentsvulnerability scans
Soft skills
mentoringcollaborationcommunicationleadershipproblem-solvingsecurity awareness promotion
Certifications
CISSPCSSLPCISMCEH
