Product Security Engineer Ii - Application Security, Sast, Dast

Job Description

Travel

Yes, < 25 % of the TimeCareers that Change Lives

Summary of Position:

The Product Security Engineer position will provide Product Security support and leadership within the ENT OU products and solutions. Specifically, the candidate will support and drive the integration of Information Security in the ENT programs, to ensure that patient safety and information security are never compromised. The candidate will work cross-functionally with the R&D teams to ensure that:
• ENT solutions are architected and designed for the highest level of security,
• Relevant security risks are identified and evaluated
• Engineering decisions are made to support security.
• Solutions released comply to the latest regulatory or standard requirements

The candidate will execute the development and testing of security requirements, security processes & procedures and project / Product Security artifacts as part of the Product Security Engineering team. The candidate will be responsible to develop, maintain and review project security management deliverables for regulatory bodies to comply with standards/guidance documents, and communicate with regulatory bodies as required by the program.

The candidate will be part of a cross-functional team of security experts within the Medtronic organization to create, improve and implement security design/ testing best practices and will be the interface with the Medtronic security council.

This position has the responsibility and authority to apply extensive technical expertise towards software solutions of complex technical problems and provides solutions that require the regular use of ingenuity and creativity. Work is performed without appreciable direction and with considerable latitude in determining technical objectives of the assignment.

Position Responsibilities:

The Product Security Engineer is responsible for providing leadership in the development of secured products used in the medical field. Specific tasks include:

• Execute Product Security-related activities throughout the lifecycle of ENT solutions. This includes but not limited to:
o security requirements definition, flow down and verification, security design architecture at system and implementation through products,
o risk management activities to identify areas where a development project must implement specific security controls and recommendations for system-wide security enhancements, risk assessment and mitigation plans for market –released products.
• Assist in the development of security-related abuse cases to identify security risks.
• Identify options for mitigating security-related risks, and assist the Systems Engineering team in evaluating these options.
• Support security activities in communications with regulatory bodies.
• Contribute to Medtronic’s understanding of current industry best practices and how they can be applied to ENT Products.
• Applies advanced technical principles, theories and concepts. Support across the ENT organization the development of processes, best practices leading to improve ENT OU’s position as it relates to Information and Product security.
• Works under consultative direction toward long range goals and objectives.
• Develops advanced technical ideas and guides their development into final product.
• Lead / Coordinate / Execute/ Assist activities to sustain/ develop organic or inorganic security testing capabilities in alignment with Medtronic testing strategies.
• Maintains a high level of technical knowledge on security.
• Automating the running of the vulnerability scans, the report creation,
• Creating, managing/maintaining a database of vulnerabilities by product line mapping to CVE
• Performs duties in compliance with environmental, health and safety related site rules, policies or governmental regulations.
• Champion consistent implementation of the Quality System across projects

Must Have Skills and Experience: • Application software development experience • Software test experience • Strong expertise in scripting languages such as Python or Unix Shell, JSON • Strong expertise in using Excel and generating reports. Education Required: • B.E./B. Tech in Computer Science or similar Engineering discipline. Years of Experience: • 8+ years of software development experience with B.E./B.Tech. • 4+ years of software development experience with M.E./M.Tech. Preferred Skills and Qualifications: • Knowledge of programming preferably in C++ • Experience with Product Security / information security • Experience with Risk Management and Systems Engineering processes. • Experience analyzing and documenting requirements • Experience in developing threat model for products • Strong understanding of product and system security aspects • Hands on experience on pentest and using security assessment tools at code, system and network-level • Knowledge on secure authentication, authentication and encryption mechanisms to implement in design and code • Knowledge of assessment and vulnerability ranking tools such as NIST and CVSS Knowledge of cybersecurity and data privacy is preferred, but not mandatory • Well-versed in at least one of the programming languages like Java, PHP, Python, Ruby, and Perl • Possess knowledge of AWS, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency management • Strong oral and written communication skills. • Ability to work in a team environment. PHYSICAL JOB REQUIREMENTS: Physical capabilities to perform the job • The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. • While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to use a computer, and communicate with peers and co-workers. WORK ENVIRONMENT: The work environment characteristics described here are representative of those an employee encounters while performing the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. The above description is intended to describe the general content, identify the essential functions of, and requirements for the performance of this job. It is not to be construed as an exhaustive statement of duties, responsibilities or requirements
About Medtronic
Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.
We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team. Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the future.
Physical Job Requirements
The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role. (ADA-United States of America). #MEICNSJOBS