Principal Product Security Engineer

We anticipate the application window for this opening will close on - 13 Mar 2026.

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

The Principal Product Security Engineer acts as the product security lead for the AC&M R&D organization to ensure compliance with pre and post-market cybersecurity expectations, help deliver secure, robust products to the marketplace and keep them secure through their entire lifecycle. They are responsible for leading cybersecurity activities on projects and ensuring that R&D teams have the cybersecurity-focused tools and knowledge needed to do their jobs effectively.

• Must be willing to work locally from our office in Lafayette, Colorado (On-Site 4 days/week)
• Act as point person for the AC&M organization on product security, taking accountability for the organization’s security posture
• Answer questions related to product security during internal and external audits
• Maintain the product security Confluence site and organize documentation related to product security
• Establish and lead implementation of roadmap of goals for product security team and organization
• Organize day-to-day activities of the product security team members and lead standups
• Provide mentorship and guidance to junior and senior product security engineers
• Support definition of roles and responsibilities for product security
• Provide guidance to R&D project teams on security controls and assist with security-focused design and code reviews
• Collaborate with the Medtronic Product Security Office and other R&D organizations to ensure alignment
• Collaborate with project teams to create, review, and maintain threat models
• Assist project teams with creating security architecture diagrams
• Assist project teams with performing and documenting security risk assessments
• Evaluate project deliverables for compliance with security-related standards and guidance
• Assist with creation of MDS2 forms and answering product security questions from customers
• Assist project teams with executing and reviewing results from SAST and DAST tools
• Capture metrics to measure the organization’s security posture
• Respond to product security incidents and work with customers on security-related issues
• Provide security training and documentation to the R&D organization as needed
• Assist project teams with building and reviewing SBOMs
• Assist project teams with analyzing vulnerabilities identified by penetration testing and SBOM analysis

MUST HAVE: MINIMUM REQUIREMENTS

• Bachelor’s Degree

• 7+ years of cybersecurity experience with a bachelor's degree
• 5+ years of cybersecurity experience with a master's degree

• Ability to work in a team-oriented environment
• Experience working in an agile environment
• Knowledge of cybersecurity standards, including IEC 81001-5-1
• Knowledge of FDA pre and post-market cybersecurity guidance
• Ability to navigate and align with Regulatory, Quality, and other cross functions.
• Superb written and oral communication skills
• Experience working in medical device space
• Experience communicating with external stakeholders, such as auditors and customers
• Experience with vulnerability monitoring software, such as Dependency-Track
• Experience with threat modeling tools, such as Microsoft Threat Modeling Tool
• Experience with penetration testing, SAST, and DAST tools

• A valid cybersecurity certification, such as CISSP, CSSLP, CISM, CySA+ or Security+

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully…