Salary
💰 $125,600 - $188,400 per year
Tech Stack
Cloud, Cyber Security, SDLC
About the role
- Ensure the security of Medtronic Surgical Operating Unit medical device solutions and integrate advanced cybersecurity measures throughout the product lifecycle
- Serve as a technical subject matter expert and mentor, collaborating across teams and reporting to the Director of Product Security
- Drive security integration into all stages of the product lifecycle, from concept and design to postmarket; embed secure design patterns in embedded and cloud-connected environments
- Lead or contribute to threat modeling sessions and conduct security risk assessments in accordance with IEC 81001-5-1, ISO 14971, and FDA premarket cybersecurity guidance
- Collaborate on the design and implementation of secure architectures focusing on secure boot, secure communications, data protection, access control, secure software updates, and hardware-software integration
- Support and interpret results from vulnerability scans, penetration tests, and static/dynamic code analysis; coordinate with internal teams and third-party vendors for risk mitigation
- Promote a culture of security awareness within R&D, mentor junior engineers, and lead through documentation, review participation, and knowledge sharing
- Ensure alignment with applicable standards (e.g., NIST, IEC 60601-4-5, IEC 81001-5-1) and support security documentation efforts for global regulatory submissions
- Review and assess the cybersecurity posture of third-party suppliers and open-source software components used within product designs
- Support technical investigation and resolution of postmarket security incidents, lead root cause investigations, containment strategies, and risk assessments
- Maintain comprehensive security documentation including threat model diagrams, risk assessments, shared service inventories, design patterns, security guidelines, and product security plans/reports
Requirements
- Bachelor's degree and 4 years of relevant experience, or a Master’s degree with 2 years of relevant experience
- Minimum 4 years of relevant experience, or 2 years with an advanced degree
- Minimum 1 year of experience integrating security into embedded systems or connected medical devices in a regulated product development environment
- Working knowledge of secure development lifecycle (SDLC), secure boot, cryptography, secure firmware update, secure communication, and hardware/software interface security
- Demonstrated ability to implement secure architecture in embedded and connected device ecosystems
- Experience working with engineering teams to integrate cybersecurity into real-time systems, embedded firmware, connected devices, or other product-level security contexts
- Experience supporting or mentoring junior security engineers
- Familiarity with FDA and MDR cybersecurity submission requirements
- Knowledge of secure coding practices and common vulnerabilities (e.g., OWASP, CWE, CVSS)
- Experience participating in cross-functional design reviews or formal design assurance processes
- Working knowledge of secure boot chains, cryptographic controls, and device authentication protocols
- Industry-recognized certifications (e.g., CISSP, CSSLP, CISM, CEH) (nice to have)
- Master’s degree in a relevant engineering or cybersecurity field (nice to have)
- Ability to support technical investigation and resolution of postmarket security incidents or field issues