We value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations.
The Cardiac and Vascular Group brings all of our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions.
Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic s medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders.
The Product Security Engineer will be responsible for leading and performing product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation. The individual will develop and perform product-level intrusion detection activities and lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system-wide security needs. They will participate in the creation and testing of product security-related requirements and processes, manage security-related deliverables for regulatory bodies, ensuring compliance with key standards/guidance documents, evaluate and test security risks on programs across the entire development lifecycle, including market-released products, and support emerging cybersecurity certification initiatives.
A Day in the LifeLead and perform product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation.
Develop and perform product-level intrusion detection activities.
Lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system wide security needs.
Participate in the creation and testing of product security-related requirements and processes.
Manage security-related deliverables for regulatory bodies, ensuring compliance with key standards/guidance documents.
Evaluate and test security risks on programs across the entire development lifecycle, including market-released products.
Support emerging cybersecurity certification initiatives.
Maintain and update security documentation.
Create and maintain threat models using STRIDE.
Conduct hardware security testing, penetration testing, security risk assessment, and threat intelligence activities.
Analyze security posture and conduct vulnerability assessments.
Conduct penetration testing, fuzz testing, and static code analysis for security vulnerabilities.
Have software product development experience and programming skills in one or more of the following: C, C++, Python, Java, .NET, Go, Ruby, and/or Scala.
Understand national and international laws, regulations, and policies related to regulated medical device cybersecurity, as well as information security practices, risk management processes, cybersecurity principles, and incident response methodologies.
Must Have: Minimum Requirementso Experience in leading application architecture reviews and threat assessments
o Cloud systems architecture and security
o Enterprise and local network infrastructure security
o Experience in code reviews and/or penetration testing
o Large-scale application architecture and security
o Mobile device application architecture and security
o Risk assessments and cybersecurity regulatory requirements
o Experience in static and dynamic code analysis tools and methodologies
Keyskills: firewall networking risk management ids security risk system design customer relations
Nexwave ( IT)Â was established by group of IT professionals with years of experience in industry. At Nexwave, we provide Talent Management Solutions to IT, ITES, BPO, KPO, Banking and Financial Sectors. We truly understand client requirements, provide customized solutions, always maintain high ...