Job Description

Careers that Change Lives

The Vulnerability Management team, is responsible for monitoring, assessing impact, and coordinating Medtronic's response to security vulnerabilities that could impact our medical device products. This team owns the Coordinated Vulnerability Disclosure Program.

The Senior Product Security Vulnerability Engineer contributes to the vulnerability intelligence program and assists with the coordinated disclosure work at Medtronic. This role will collaborate with a diverse set of stakeholders to intake and assess vulnerabilities, determine their relevance to MDT products, and disposition the communication of these vulnerabilities, to key stakeholders. Familiarity of embedded systems, security environments, authoritative sources of vulnerability data, security scanning tools, and common attack vectors is important. Reporting to Enterprise Quality, members of this team will consult with product development and support organizations, communications, regulatory and quality functions.

A Day in the Life

• Work with other senior team members to support the established Coordinated Vulnerability Disclosure Program, found at www.medtronic.com/security
• Help with the CVE Numbering Authority Program
• Assess and understand security risk across medical devices
• Route vulnerabilities to key development staff for awareness and evaluation
• Assist product teams with hands-on product security vulnerability assessments of existing products
• Coordinate with various functions (R&D, Quality, Regulatory, Legal, Communications, etc.) to understand vulnerability risks in products
• Comply with all MDT Global Complaint Handling activities to ensure that complete records are kept of all product security vulnerability signals
• Contribute to company standards and policies related to product security vulnerability identification, tracking, and communication.
• Help educate and inform parties throughout the organization on the importance of vulnerability disclosure
• Track key metrics on vulnerability identification, communication, and mitigation
• Escalate product security issues as appropriate
• Show creativity and innovation in all aspects of your responsibilities
• Support ad hoc Product Security Office campaigns and initiatives

Responsibilities may include the following and other duties may be assigned.

• Experience with vulnerability or incident management activities
• Security Certifications (i.e. CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP, etc.)
• Performs security assessments of company products that may include vulnerability and risk assessments, threat analysis, and security code reviews to identify potential design and implementation vulnerabilities.

• Provides product security engineering recommendations and resolves integration and testing issues.
• Builds a standardized set of security product requirements and produces metrics to report performance against those requirements.
• Reviews and defines security diagnostics and tools to facilitate the analysis and reporting of security events.
• Detects and mitigates security risks, responds to product security incidents, and works with customers regarding product security related issues.
• Leads or participates in security architecture and design review meetings

Must Have: Minimum Requirements

Bachelors degree in Engineering, Science or technical field with 12 -15 years of experience in engineering and/or product security

Nice to Have

• Participation in incident management and systems troubleshooting
• Occasional after-hours availability to accommodate different regional and global partners
• Familiarity of embedded environments, vulnerability scanning tools, and common attack routes
• Strong technical and troubleshooting skills
• Capability to research and evaluate emerging technologies
• Innovative thinker with the ability to think outside of the current norms and processes
• Knowledge of the medical device industry
• Demonstrated ability to be flexible
• Excellent written and verbal communication skills
• Experience working in a highly regulated industry

About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let's work together to address universal healthcare needs and improve patients' lives. Help us shape the future.

Physical Job Requirements

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers.

Additional Information

• Posting Date: Oct 27, 2022
• Travel: Yes,