Medtronic
Location
Secunderabad | India
Job description
The Product Security Engineer position will provide Product Security support and leadership within the ENT OU products and solutions. Specifically, the candidate will support and drive the integration of Information Security in the ENT programs, to ensure that patient safety and information security are never compromised. The candidate will work cross-functionally with the RD teams to ensure that:
ENT solutions are architected and designed for the highest level of security,
Relevant security risks are identified and evaluated
Engineering decisions are made to support security.
Solutions released comply to the latest regulatory or standard requirements
The candidate will execute the development and testing of security requirements, security processes procedures and project / product security artifacts as part of the Product Security Engineering team. The candidate will be responsible to develop, maintain and review project security management deliverables for regulatory bodies to comply with standards/guidance documents, and communicate with regulatory bodies as required by the program.
The candidate will be part of a cross-functional team of security experts within the Medtronic organization to create, improve and implement security design/ testing best practices and will be the interface with the Medtronic security council.
This position has the responsibility and authority to apply extensive technical expertise towards software solutions of complex technical problems and provides solutions that require the regular use of ingenuity and creativity. Work is performed without appreciable direction and with considerable latitude in determining technical objectives of the assignment.
Position Responsibilities:
The Product Security Engineer is responsible for providing leadership in the development of secured products used in the medical field. Specific tasks include:
Execute product security-related activities throughout the lifecycle of ENT solutions. This includes but not limited to:
o security requirements definition, flow down and verification, security design architecture at system and implementation through products,
o risk management activities to identify areas where a development project must implement specific security controls and recommendations for system-wide security enhancements, risk assessment and mitigation plans for market -released products.
Assist in the development of security-related abuse cases to identify security risks.
Identify options for mitigating security-related risks, and assist the Systems Engineering team in evaluating these options.
Support security activities in communications with regulatory bodies.
Contribute to Medtronic s understanding of current industry best practices and how they can be applied to ENT Products.
Applies advanced technical principles, theories and concepts. Support across the ENT organization the development of processes, best practices leading to improve ENT OU s position as it relates to Information and Product security.
Works under consultative direction toward long range goals and objectives.
Develops advanced technical ideas and guides their development into final product.
Lead / Coordinate / Execute/ Assist activities to sustain/ develop organic or inorganic security testing capabilities in alignment with Medtronic testing strategies.
Maintains a high level of technical knowledge on security.
Automating the running of the vulnerability scans, the report creation,
Creating, managing/maintaining a database of vulnerabilities by product line mapping to CVE
Performs duties in compliance with environmental, health and safety related site rules, policies or governmental regulations.
Champion consistent implementation of the Quality System across projects.
Must Have Skills and Experience:
Application software development experience
Software test experience
Strong expertise in scripting languages such as Python or Unix Shell, JSON
Strong expertise in using Excel and generating reports.
Education Required:
B.E./B. Tech in Computer Science or similar Engineering discipline.
Years of Experience:
8+ years of software development experience with B.E./B.Tech.
4+ years of software development experience with M.E./M.Tech.
Preferred Skills and Qualifications:
Knowledge of programming preferably in C++
Experience with Product Security / information security
Experience with Risk Management and Systems Engineering processes.
Experience analyzing and documenting requirements
Experience in developing threat model for products
Strong understanding of product and system security aspects
Hands on experience on pentest and using security assessment tools at code, system and network-level
Knowledge on secure authentication, authentication and encryption mechanisms to implement in design and code
Knowledge of assessment and vulnerability ranking tools such as NIST and CVSS Knowledge of cybersecurity and data privacy is preferred, but not mandatory
Well-versed in at least one of the programming languages like Java, PHP, Python, Ruby, and Perl
Possess knowledge of AWS, Docker, Kubernetes, and how to implement developer tools such as GitHub and Dependency management
Strong oral and written communication skills.
Ability to work in a team environment.
Job tags
Salary
