Principal Product Security Engineer

Location

Secunderabad | India

Job description

As a Principal Product Security Engineer at Medtronic, you will play a pivotal role in safeguarding our medical devices and healthcare solutions. You will be a key member of the Product Security responsible for ensuring the security and privacy of our products. Your expertise will guide us in delivering safe and secure healthcare solutions that meet the highest standards.

Job Responsibilities:

• Lead Security Initiatives: Take the helm in driving security initiatives for our connected enterprise products, embedded systems, and applications
• Compliance: Ensure that our products adhere to relevant security standards and regulations in our industry
• Stay up to date with evolving compliance requirements and work towards compliance
• Responsible for deriving security SOPs, Templates, and work instructions
• Respond to customer queries on product security, analyze and make recommendations
• Proactively follow security framework phases Identify, Protect, Detect, Respond, and recover activities
• Risk Assessment: Collaborate with cross-functional teams to prioritize security testing efforts based on the potential risks associated with vulnerabilities and their impact on our products and customers
• Guidelines Compliance: Collaborate with product teams to ensure adherence to harmonized penetration testing guidelines for all products
• KPI Reporting: Generate and report Key Performance Indicators (KPIs) related to penetration testing results at enterprise, Operating Unit (OU), and product levels
• Secure Development Lifecycle: Promote a culture of security within the organization by integrating security into the product development lifecycle
• Conduct code reviews and work closely with developers to ensure secure coding practices
• Secure Configuration: Oversee the configuration of our products, ensuring that default settings are changed, unnecessary services are disabled, and security patches and updates are applied promptly
• Penetration Testing: Execute penetration testing using manual techniques and security tools such as Burp Suite and Metasploit
• Lab Collaboration: Work closely with lab support and tools support teams to optimize security practices
• Tool Management: Install and configure penetration testing tools when required to enhance security
• Reporting and Knowledge Sharing: Proactively create, share, and review reports as part of penetration testing activities
• Identify and propose new penetration testing methodologies
• Security Testing: Utilize tools like Achilles and other security assessment methodologies to identify vulnerabilities in our products
• Conduct penetration testing and vulnerability scanning to assess software, hardware, and network interfaces
• Access Control: Implement and manage access control mechanisms to restrict unauthorized access to sensitive resources and functions within our products
• Data Encryption: Ensure that data is encrypted both in transit and at rest to protect it from unauthorized access or interception
• Authentication and Authorization: Implement and maintain strong authentication and authorization mechanisms, including multi-factor authentication (MFA) where necessary
• Logging and Monitoring: Establish robust logging and monitoring systems to detect and respond to security incidents in real-time
• Implement intrusion detection systems and analyze logs for anomalies
• Incident Response: Develop and maintain an incident response plan, including procedures for responding to security breaches or the discovery of vulnerabilities
• User Education: Provide training and guidance to users and customers on secure product usage, password management, and the reporting of security issues
• Third-party Assessment: Conduct security assessments of third-party components or services used in our products to ensure they meet our security standards
• Continuous Improvement: Stay updated on emerging security threats and vulnerabilities
• Regularly update and patch our products to address new security challenges
• External Audits: Collaborate with external security experts for independent security assessments and audits of our products

Desired Technical Skills/Experience:

Security Technologies: Sound knowledge of security technologies and techniques including Cryptography, Algorithms, PKI (Public Key Infrastructure), OAuth, 2-factor authentication, and embedded authentication.
Hands on experience in security risk management, aligned with overall product risk management process.
Knowledge on Standards and processes ISO 14791, ANSI/AAMI, TIR 57, IEC 62304 and ISO/IEC 80001-0, FDA, EU MDR and other regulatory guidelines
Experience in writing the SOP,
Review security implementation plan, security summary and Security risk summary.
Strong System Engineering knowledge and Threat Modeling
Security vulnerability assessment, CVSS scoring pre and post market releases.
Security by Design: Familiarity with security by design principles and architecture-level security concepts.
Penetration Testing: Hands-on experience with penetration testing methodologies, tools, security analysis, audits, and reviews.
Information System Security: Knowledge of information system architecture and security controls, including firewall and border router configurations, wireless architectures, and specialized appliances.
Security Threats: Understanding of current and emerging security threats and techniques for exploiting vulnerabilities, as well as exposure to international privacy requirements and cross-industry trends.
Agile Methodologies: Experience with SAFe/Agile methodologies for software development.
Desired Industry Exposure: Exposure to the healthcare IT or medical device industry is a plus.
Cloud Security (Optional): Strong understanding of AWS and Azure environments and their security considerations.

Teamwork: Demonstrated skill working as part of a team, collaborating, and supporting peers in a fast-paced environment.
Motivation: Self-motivated with the drive to solve challenging problems and motivate others to higher levels of performance and engagement.
Continuous Learning: A strong desire and aptitude for continuous learning and staying updated on new and emerging technologies.

Teamwork: Demonstrated skill working as part of a team, collaborating, and supporting peers in a fast-paced environment.
Motivation: Self-motivated with the drive to solve challenging problems and motivate others to higher levels of performance and engagement.
Continuous Learning: A strong desire and aptitude for continuous learning and staying updated on new and emerging technologies.

Nice to Have

Experience with vulnerability or incident management activities
Security Certifications (ie CISSP, CEH, CISA, CISM, Security+, GSEC, OSCP, etc)
Participation in incident management and systems troubleshooting.
Familiarity of embedded environments, vulnerability scanning tools, and common attack routes
Capability to research and evaluate emerging technologies
Knowledge of the medical device industry
Security certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) is a plus.

Leadership Abilities:

Strategic Planning: Demonstrated ability to strategize and execute security programs.
Global Product Releases: Proven experience with global product releases throughout the product introduction cycle.
Communication: Clear communicator with strong written and oral communication skills.
Problem Solving: A self-starter and problem solver with results-oriented and multitasking capabilities.
Mentoring: Ability to mentor and coach future Product Security technical leaders and professionals.

Qualifications and skills

Education: Bachelors degree in Computer Science or a related field, or equivalent demonstrated experience and knowledge.
Total 15 Years of experience and a minimum of 10 years of technical experience working with cybersecurity architecture, product security engineering or a related role.
Proficiency in security testing tools.
Strong knowledge of security best practices, standards, and regulations in Medical Devices
Hands-on experience with secure coding practices and code reviews.
Familiarity with encryption, authentication, access control, and incident response.
Excellent communication skills and the ability to collaborate with cross-functional teams

Job tags

Salary