Medtronic is looking for a Principal Software Systems Engineer to lead the creation, assessment, and delivery of secure, scalable, and innovative applications that empower patients and healthcare providers to connect and deliver care anytime, anywhere. This role focuses on ensuring the security and compliance of enterprise-grade health applications, diagnostics, therapy analytics, and real-time alerting systems within the Diabetes business division.
Requirements
- Perform security static code analysis (SCA / SAST) on source code using the Fortify tool.
- Execute scans for SOUP analysis of the different CareLink products, using tools such as BlackDuck.
- Review and update Threat Models and Cybersecurity Risk Assessment (CRA) reports as needed.
- Update security (CRM) reports for the different CareLink products for each CareLink release.
- Conduct ad-hoc testing to validate pen test findings and mitigations. Must be proficient in using tools such as BurpSuite, Postman, etc.
- Provide environment readiness, API endpoints documentation, application data flow, intended functionalities, type of roles, and input parameters.
- Experience with APIs and data platforms, and familiarity with JSON and YAML data formats.
Responsibilities
- Lead the creation, assessment, and delivery of secure CareLink applications, ensuring compliance with rigorous medical device software standards while operating at the “speed of consumers.”
- Review release changes, conduct thorough security assessments, perform source code and open-source security scans, coordinate penetration testing, and maintain critical security documentation such as Threat Models, Cybersecurity Risk Assessments, and FedRAMP compliance artifacts.
- Collaborate across development, product security, and external testing teams to identify and mitigate vulnerabilities using tools such as Fortify, BlackDuck, BurpSuite, and Postman.
- Review the scope of changes (ESFs, Jira tickets, Dev discussions) for CareLink releases.
- Complete security assessments of the changes for CareLink releases.
- Perform security static code analysis (SCA / SAST) on source code using the Fortify tool.
- Execute scans for SOUP analysis of the different CareLink products, using tools such as BlackDuck.
Other
- Bachelor's degree with a minimum of 7 years of related experience or an Advanced degree with a minimum of 5 years of related experience
- Strong organizational acumen with the ability to communicate effectively to non-technical audiences
- Deep expertise in software test methodologies, quality standards/metrics
- Experience in a regulated environment
- The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location.