Act as point person for the AC&M organization on product security, taking accountability for the organization’s security posture
Answer questions related to product security during internal and external audits
Maintain the product security Confluence site and organize documentation related to product security
Establish and lead implementation of roadmap of goals for product security team and organization
Organize day-to-day activities of the product security team members and lead standups
Provide mentorship and guidance to junior and senior product security engineers
Support definition of roles and responsibilities for product security
Provide guidance to R&D project teams on security controls and assist with security-focused design and code reviews
Collaborate with the Medtronic Product Security Office and other R&D organizations to ensure alignment
Collaborate with project teams to create, review, and maintain threat models
Assist project teams with creating security architecture diagrams
Assist project teams with performing and documenting security risk assessments
Evaluate project deliverables for compliance with security-related standards and guidance
Assist with creation of MDS2 forms and answering product security questions from customers
Assist project teams with executing and reviewing results from SAST and DAST tools
Capture metrics to measure the organization’s security posture
Respond to product security incidents and work with customers on security-related issues
Provide security training and documentation to the R&D organization as needed
Assist project teams with building and reviewing SBOMs
Assist project teams with analyzing vulnerabilities identified by penetration testing and SBOM analysis

Requirements

Bachelor’s Degree
7+ years of cybersecurity experience with a bachelor's degree
5+ years of cybersecurity experience with a master's degree
Ability to work in a team-oriented environment
Experience working in an agile environment
Knowledge of cybersecurity standards, including IEC 81001-5-1
Knowledge of FDA pre and post-market cybersecurity guidance
Ability to navigate and align with Regulatory, Quality, and other cross functions.
Superb written and oral communication skills
Experience working in medical device space
Experience communicating with external stakeholders, such as auditors and customers
Experience with vulnerability monitoring software, such as Dependency-Track
Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
Experience with penetration testing, SAST, and DAST tools
A valid cybersecurity certification, such as CISSP, CSSLP, CISM, CySA+ or Security+

Benefits

Health, Dental and vision insurance
Health Savings Account
Healthcare Flexible Spending Account
Life insurance
Long-term disability leave
Dependent daycare spending account
Tuition assistance/reimbursement
Simple Steps (global well-being program)
Incentive plans
401(k) plan plus employer contribution and match
Short-term disability
Paid time off
Paid holidays
Employee Stock Purchase Plan
Employee Assistance Program
Non-qualified Retirement Plan Supplement (subject to IRS earning minimums)
Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums)

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

cybersecuritythreat modelingpenetration testingSASTDASTsecurity risk assessmentssecurity architecturevulnerability analysissecurity controlssecurity posture metrics

Soft Skills

mentorshipteam collaborationcommunicationorganizational skillsleadershipguidanceproblem-solvingdocumentationtrainingaccountability

Certifications

CISSPCSSLPCISMCySA+Security+