Sr Principal Product Security Engineer

A Day in the Life

The Sr Principal Product Security Engineer is a key member of the Medtronic Surgical Operating Unit (OU) team. Reporting to the Director of Product Security, the role drives the integration of advanced cybersecurity measures, identifies and mitigates potential vulnerabilities, and supports initiatives that improve cyber‑resiliency throughout the product lifecycle. As a technical subject‑matter expert and mentor, you collaborate across engineering, quality, and program teams to embed security into real‑time systems, embedded firmware, and connected medical devices.

Key Responsibilities

• Product Security Strategy & Continuous Learning – Stay current with cybersecurity trends for medical devices and contribute to OU and enterprise security strategy aligned with best practices and regulatory requirements.
• Product Security – Lead the integration of security throughout the product development lifecycle for medical devices, OT, IC systems, IoT, and enterprise solutions.
• Risk Assessment – Perform threat modeling, risk evaluations, and vulnerability assessments to uncover and mitigate security threats.
• Security Architecture – Design and deploy secure medical device solutions, addressing secure boot, communications, data protection, updates, integration, and access controls.
• Security Standards & Testing – Enforce policies and standards; oversee penetration testing, vulnerability scanning, and code reviews.
• Security Awareness – Promote and deliver training to foster a security‑conscious culture.
• Compliance – Ensure adherence to standards such as NIST, IEC 60601‑4‑5, IEC 81001‑5‑1, and other regulatory requirements.
• Vendor Assessment – Evaluate third‑party vendors for security practices and compliance with Medtronic’s requirements.
• Incident Management – Lead and support incident response, ensuring swift resolution, mitigation, and stakeholder communication.
• Documentation – Maintain detailed records of security best practices, configurations, designs, inventory, incident plans, and reports.

Must Have: Minimum Requirements

• Bachelor’s degree or higher (verified prior to start).
• Minimum 10 years of relevant experience or an advanced degree with at least 8 years of relevant experience.
• Minimum 5 years of embedded device product security experience in a regulated industry.

Nice to Have

• Master’s degree in engineering or cybersecurity.
• Adaptability to evolving cybersecurity landscapes and a proactive approach.
• Track record of mentoring and leading junior security engineers.
• Knowledge of evolving medical device regulations.
• Industry certifications such as CISSP, CSSLP, or CISM.
• Proficiency in secure coding standards.

Physical Job Requirements

The role requires regular independent mobility, interaction with a computer, and communication with peers. Reasonable accommodations may be made for individuals with disabilities. For office roles, typical duties include computer use and collaboration.

Benefits & Compensation

Competitive salary range for U.S. locations (excluding Puerto Rico) is $187,200.00 – $280,800.00 (USD). Benefits include health, dental, vision insurance, HSA, FSA, life insurance, disability leave, tuition assistance, 401(k) with employer match, paid time off, holidays, and employee stock purchase plans. Additional incentives, bonus plans, and long‑term partial equity are available for eligible positions.

About Medtronic

Medtronic leads global healthcare technology, transforming lives through medical devices, robotics, and digital solutions. Our mission is to alleviate pain, restore health, and extend life. We cultivate a diverse, inclusive culture that empowers innovation.

Equal Employment Opportunity

Medtronic is an equal opportunity employer. We provide reasonable accommodations for qualified individuals with disabilities and consider all qualified applicants irrespective of age, color, national origin, citizenship, disability, race, religion, gender, sexual orientation, veteran status, or any other protected characteristic. Employees may email RS.HRCompliance@medtronic.com to request removal of personal information from our systems.

Application Process

If you wish to pursue this opportunity, submit your application by the closing date of 6 Dec 2025. For updates on your application, log in through the candidate portal. For assistance, email AskHR@medtronic.com.