Sr. Product Security Engineer – Neuroscience. Across our global Neuroscience organization, we advance care for some of medicine's most complex neurological and spinal conditions. By combining innovative technology, data-driven insights, and deep clinical expertise, we partner with physicians and health systems to improve how patients are treated and supported throughout their care journey. Our Neuromodulation operating unit delivers advanced therapies for chronic pain, movement disorders, and nervous system conditions, offering spinal cord stimulation, deep brain stimulation, and targeted drug delivery. Through proven technology, clinical evidence, and continuous innovation, we provide personalized solutions that restore function and enhance quality of life. Check us out on LinkedIn: Medtronic Brain Modulation and Pain Interventions. Our Pelvic Health Operating Unit advances care for patients living with bladder and bowel control conditions through targeted, minimally invasive neuromodulation therapies, including sacral and tibial solutions. Designed to modulate nerve pathways and restore communication between the brain and pelvic floor, these programmable therapies deliver personalized treatment supported by strong clinical evidence and long-term outcomes, helping improve confidence, independence, and quality of life. Check us out on LinkedIn: Medtronic Pelvic Health. Onsite. At Medtronic, we bring bold ideas forward with speed and decisiveness to put patients first in everything we do. We’re working onsite 4 days a week at our Minnesota Rice Creek East facility, to drive performance, foster an environment of belonging, and collaborate to inspire as we engineer the extraordinary. At Medtronic, we're driven by our Mission to alleviate pain, restore health, and extend life for millions of people around the world through innovative biomedical devices and solutions. Our people are the foundation of that mission, and together with the Medtronic mindset, we pursue continuous innovation to breach new frontiers of biomedical research. As global connectivity increases, the complexity and security challenges associated with protecting devices, infrastructure, patients, and sensitive data also grow. The Sr. Product Security Engineer is responsible for designing advanced cybersecurity architectures and effective procedural frameworks to support cyber resilience throughout the product life cycle. The primary responsibilities include overseeing all phases of the cyber security life cycle of medical devices. These include proactive initiatives to identify, model, and evaluate cyber security threats, define security measures to mitigate those threats, develop robust implementation strategies, and rigorous verification and validation mechanisms. Proactively engage with cross-functional development teams and prepare reports meeting quality and regulatory requirements. Key Responsibilities:In general, the Sr. Product Security Engineer is responsible for, but not limited to, the following tasks:Product Security – Implement security requirements across the medical device development lifecycle by collaborating with teams to uphold best practices from design to deployment. Risk Assessment – Conduct threat modeling and vulnerability assessments to identify and mitigate security risks throughout the product lifecycle. Security Architecture – Support the design and deployment of secure medical devices by implementing features like secure boot, communications, data protection, updates, integration, and access controls. Web and Cloud Security – Implement and mature the digital health platform architecture to meet customer expectations and enable development of digital solutions across Neuromodulation and Pain & Hypertension, including PH My Future, Insights Dashboard, Remote Monitoring, Remote Programming, and the DBS Brain. Sense Portal. Define and execute surveillance strategy across web applications and cloud native platforms. Security Standards & Compliance – Implement and maintain security policies for medical devices following industry standards like NIST, ISO 27001, and IEC 81001-5-1. Regularly assess compliance and work with development teams to improve security practices. Stay updated on cybersecurity trends in medical devices and health software. Work with others to improve security strategies and apply best practices. The successful candidate will have:Previous experience as a cyber security engineer for cloud security products in a regulated industry. Experience in cybersecurity, threat modeling, security incident management, and contributing to proactive security strategies. Hands-on experience in cyber security architecture, cloud security, and cryptography. Experience working in agile software development teams. Minimum Requirements:Bachelor's degree in Computer Science or a related field with 4 years of experience in cyber security, embedded systems security, IoT security, IT security, or a related role. Advanced degree in Computer Science or a related field with significant academic work in cyber security and 3 years of experience in a related role. Preferred — Experience with medical devices or regulated industries. Technical Skills:Strong understanding of cyber security concepts and frameworks (e.g. NIST, OWASP)Familiarity with security standards such as ISO 27001, ISO 14971, or HITRUST - Working knowledge of secure software development lifecycle (SDLC) principles and Dev. Sec. Ops. Strong understanding of advanced cryptography, Hardware Security Module concepts, and secure key generation and management. Soft Skills:Proactive communication skills to identify, present, and persuade leadership on cyber security risks. Strong problem-solving and analytical skills. Ability to collaborate effectively in cross-functional teams. Certifications (Preferred):Comp. TIA Security , CISSP, CISM, or similar security certifications. For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C. F. R. § 214.2(h)(4)(iii)(A) is required. Physical Job Requirements. The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.