Product Security Engineer II @ Nexwave Talent

Job Description

Careers that Change Lives

We value what makes you unique. Be a part of a company that thinks differently to solve problems, make progress, and deliver meaningful innovations.

The Cardiac and Vascular Group brings all of our cardiac and vascular businesses together into one cross-functional, collaborative operating unit to employ the full breadth of our talent, technologies, products, services, and solutions to address the needs of customers and patients across the globe. Cardiac Rhythm Management offers devices and therapies to treat abnormal heart rhythms, as well as cardiac monitoring solutions.

Be on the frontlines of the emerging area of medical device cybersecurity as an integral member and technical leader within a team responsible for creating, deploying, and monitoring cybersecurity and information security solutions for Medtronic s medical devices and supporting IT infrastructure. Interact with external and internal cybersecurity researchers to identify and remediate vulnerabilities within Medtronic products and systems. Work directly with R&D teams to ensure all relevant security risks are identified and evaluated, and appropriate and well-balanced solutions are implemented. Develop project security management deliverables for regulatory bodies to comply with standards / guidance documents, and successfully communicate cybersecurity technology to customers, regulatory bodies, and other stakeholders.

The Product Security Engineer will be responsible for leading and performing product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation. The individual will develop and perform product-level intrusion detection activities and lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system-wide security needs. They will participate in the creation and testing of product security-related requirements and processes, manage security-related deliverables for regulatory bodies, ensuring compliance with key standards/guidance documents, evaluate and test security risks on programs across the entire development lifecycle, including market-released products, and support emerging cybersecurity certification initiatives.

A Day in the Life

Lead and perform product and device-oriented cybersecurity-related activities ranging from incident response to vulnerability assessments and mitigation implementation.

Develop and perform product-level intrusion detection activities.

Lead product risk assessments in conjunction with product R&D teams and develop and recommend specific security controls for product/system wide security needs.

Participate in the creation and testing of product security-related requirements and processes.

Manage security-related deliverables for regulatory bodies, ensuring compliance with key standards/guidance documents.

Evaluate and test security risks on programs across the entire development lifecycle, including market-released products.

Support emerging cybersecurity certification initiatives.

Maintain and update security documentation.

Create and maintain threat models using STRIDE.

Conduct hardware security testing, penetration testing, security risk assessment, and threat intelligence activities.

Analyze security posture and conduct vulnerability assessments.

Conduct penetration testing, fuzz testing, and static code analysis for security vulnerabilities.

Have software product development experience and programming skills in one or more of the following: C, C++, Python, Java, .NET, Go, Ruby, and/or Scala.

Understand national and international laws, regulations, and policies related to regulated medical device cybersecurity, as well as information security practices, risk management processes, cybersecurity principles, and incident response methodologies.

Must Have: Minimum Requirements

• An undergraduate (bachelor's) or graduate degree in computer science, computer engineering, electrical engineering, or similar discipline.
• Experience in product / hardware security testing, penetration testing, security risk assessment, and threat intelligence activities.
• CISSP or similar certification, or sufficient demonstrated experience.
• Formal education in cybersecurity and information assurance.
• Minimum of 10 years of experience with 4 years of technical, cybersecurity-related experience.
• Experience in embedded devices vulnerability assessment, especially medical devices, and Threat Modelling and risk scoring.
• Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity.
• Demonstrated understanding of information security practices, risk management processes, cybersecurity principles, and incident response methodologies.
• Experience in analyzing security posture and conducting vulnerability assessments.
• Experience in penetration testing, fuzz testing, and static code analysis for security vulnerabilities.
• Software product development experience and programming skills in one or more of the following: C, C++, Python, Java, .NET, Go, Ruby, and/or Scala.
• Ability to create and maintain threat models using STRIDE.

Nice to Have

• Experience as an analyst, engineer, developer, or architect with core cybersecurity responsibility and knowledge in two or more of the following areas:

o Experience in leading application architecture reviews and threat assessments

o Cloud systems architecture and security

o Enterprise and local network infrastructure security

o Experience in code reviews and/or penetration testing

o Large-scale application architecture and security

o Mobile device application architecture and security

o Risk assessments and cybersecurity regulatory requirements

o Experience in static and dynamic code analysis tools and methodologies

• Medical devices and systems security experience
• Security incident management experience
• Log event management and searching experience (Splunk, Sentinel, or similar)
• In-depth OS systems-level experience within one or more of the following: Linux, Windows, Android, iOS
• Demonstrated understanding of networking (ports/protocols), firewalls, load balancers and IPS
• Expertise in Agile and can work with at least one of the common frameworks
• Experience in Healthcare industry or other heavily regulated industry.
• Understanding of national and international laws, regulations, and policies related to regulated medical device cybersecurity
• Experience with container technologies such as Docker, Kubernetes, Mesos, or Open Container Initiative (OCI)
• Demonstrated ability to develop and grow productive, trusting, and open relationships with a wide variety of constituencies.
• Demonstrated leadership and team work skills
• Demonstrated ability to communicate complexity in a clear manner
• Demonstrated experience interfacing with customers and other external stakeholders regarding cybersecurity system design and behavior
• Demonstrated strong analytical, problem solving skills

About Medtronic
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.
We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let s work together to address universal healthcare needs and improve patients lives. Help us shape the future.
Physical Job Requirements

Employement Category:

Employement Type: Full time
Industry: Medical / Healthcare
Role Category: Security ServicesProduction
Functional Area: Not Applicable
Role/Responsibilies: Product Security Engineer II

Contact Details:

Company: Medtronic
Location(s): Hyderabad

+ View Contact

×

Login

Candidates can login here to view contacts and apply.

Sign In Sign Up

Email:

Password:

Password too short

To create your profile, apply for a job or make a registration

Sign In Close

Your name (*)

Email (*)

Mobile (*)

Preferred City (* max. 2 w/comma)

Designation / Expected Role

Current / Recent Company (*)

Experience (*)

0 - 1 Yrs 1 - 2 Yrs 2 - 3 Yrs 3 - 4 Yrs 4 - 5 Yrs 5 - 6 Yrs 6 - 7 Yrs 7 - 8 Yrs 8 - 9 Yrs 9 - 10 Yrs 10 - 11 Yrs 11 - 12 Yrs 12 - 13 Yrs 13 - 14 Yrs 14 - 15 Yrs 15 - 16 Yrs 16 - 17 Yrs 17 - 18 Yrs 18 - 19 Yrs 19 - 20 Yrs 20 - 21 Yrs 21 - 22 Yrs 22 - 23 Yrs 23 - 24 Yrs 24 - 25 Yrs 25 - 26 Yrs 26 - 27 Yrs 27 - 28 Yrs 28 - 29 Yrs 29 - 30 Yrs 30+ Yrs

Expected Salary (*)

Rs 0 - 50K PM Rs 50K - 1 LPA Rs 1.0 - 1.5 LPA Rs 1.5 - 2.0 LPA Rs 2.0 - 2.5 LPA Rs 2.5 - 3.0 LPA Rs 3.0 - 3.5 LPA Rs 3.5 - 4.0 LPA Rs 4.0 - 4.5 LPA Rs 4.5 - 5.0 LPA Rs 5 - 6 LPA Rs 6 - 7 LPA Rs 7 - 8 LPA Rs 8 - 9 LPA Rs 9 - 10 LPA Rs 10 - 12 LPA Rs 12 - 14 LPA Rs 14 - 16 LPA Rs 16 - 18 LPA Rs 18 - 20 LPA Rs 20 - 22 LPA Rs 22 - 24 LPA Rs 24 - 26 LPA Rs 26 - 28 LPA Rs 28 - 30 LPA Rs 30 - 32 LPA Rs 32 - 34 LPA Rs 34 - 36 LPA Rs 36 - 38 LPA Rs 38 - 40 LPA Rs 40 - 42 LPA Rs 42 - 44 LPA Rs 44 - 46 LPA Rs 46 - 48 LPA Rs 48 - 50 LPA Rs 50 - 75 LPA Rs 75 Lakh - 1C PA Rs 1 Crore+ PA

Desired Industry (*):

Accounting / Finance Advertising / MR / PR / Events Agriculture / Dairy Animation / Multimedia Architecture / Interior Design Astrology Automobile / Auto Ancillaries / Auto Components Aviation / Airline / Aerospace / Aeronautical Banking / Financial Services / Broking BPO / Call Center / ITeS Brewery / Distillery Broadcasting Cement / Building Material Chemical / Petro / Plastic / Rubber / Glass Consumer Electronics / Appliances / Durables Courier / Transportation / Freight Defence / Government Education / Teaching / Training Electricals / Switchgears Engineering / Construction / Cement / Metals Environment / Waste Management Export / Import / Trading Facility Management Fertilizers / Pesticides FMCG / Foods / Beverage Food Processing Furnishings / Ceramics / Sanitaryware / Electricals Gems / Jewellery Gifts / Toys / Stationary Government / Departmental Heat Ventilation / Air Conditioning Hotel / Restaurant Industrial Design Industrial Products / Heavy Machinery Insurance Internet / E-Commerce IT - Hardware / Networking IT - Software / Services KPO / Research / Analytics Leather / Leather Products Legal / Courts Logistics / Courier / Transportation Management Consulting / Strategy Manufacturing / Production Matrimony / Matchmaking Media / Entertainment Medical / Healthcare / Hospital Merchant Navy Metal / Iron / Steel MFI - Micro Finance Military / Police / Arms Ammunition Mining / Quarrying NBFC-Non Banking Financial Services NGO / Social Work Office Equipment / Automation Not Mentioned Paint / Art / Sculpture / Craft Paper / Wood Personal Care / Beauty Pharma / Biotech / Clinical Research Politics Power / Energy / Oil / Gas / Petroleum Printing / Publishing / Packaging Quality Certification Real Estate / Property Recruitment Services / RPO Religion / Spirituality Retail Security / Detective Services Semiconductors / Electronics Shipping / Marine Telecom / ISP Textile / Garments / Fashion Travel / Tourism / Hotels / Airlines / Railways Unskilled Labor / Domestic Help Veterinary Science / Pet Care Sports / Fitness / Beauty

Functional area / Department (*):

Accounts / Finance / Tax / CS / Audit Agent / Agency Analytics & Business Intelligence Architecture / Interior Design Banking / Insurance Beauty / Fitness / Spa Services Content / Journalism Corporate Planning / Consulting CSR & Sustainability Engineering Design / R&D Export / Import / Merchandising Fashion / Garments / Merchandising Guards / Security Services Hotels / Restaurants HR / Administration / IR IT- Hardware / Telecom / Technical Staff / Support IT Software - Application Programming / Maintenance IT Software - Client Server IT Software - DBA / Datawarehousing IT Software - E-Commerce / Internet Technologies IT Software - Embedded /EDA /VLSI /ASIC /Chip Des. IT Software - ERP / CRM IT Software - Mainframe IT Software - Middleware IT Software - Mobile IT Software - Network Administration / Security IT Software - Other IT Software - QA & Testing IT Software - System Programming IT Software - Systems / EDP / MIS IT Software - Telecom Software ITES / BPO / KPO / Customer Service / Operations Legal Marketing / Advertising / MR / PR Pharma / Biotech / Healthcare / Medical / R&D Packaging Production / Maintenance / Quality Purchase / Logistics / Supply Chain Sales / BD Secretary / Front Office / Data Entry Self Employed / Consultants Shipping Site Engineering / Project Management Teaching / Education Top Management Ticketing / Travel / Airlines TV / Films / Production Web / Graphic Design / Visualiser Other Areas

Enter Skills (key skills, subjects, technologies & roles to use in search)

Write briefly about yourself, your experience and education (*)

Attach Resume  Max 2.38 MB (RTF, PDF, DOC, DOCX formats only parsed)

Please, check the file size and type.

Add social media [ + ]

Create password

I agree with website service terms and conditions

Sign Up Close

Candidates are expected to provide most recent and accurate profile information, inappropriate content is strictly prohibited!

Keyskills:   firewall networking risk management ids security risk system design customer relations