Sr DevSecOps Engineer

Lafayette, Colorado, United States of America
Posted Yesterday
Full-time, onsite

Job Description

We anticipate the application window for this opening will close on 4 Jul 2026.

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

The Sr DevSecOps Engineer defines, implements, and governs secure embedded software platform practices for regulated medical device programs. This role provides technical leadership across CI/CD automation, embedded Linux security, software supply chain controls, vulnerability management, cybersecurity risk analysis, and release evidence generation to support safe, secure, and compliant medical device development.

The Sr DevSecOps Engineer will join the Embedded OS Platforms Team to lead secure embedded platform enablement for new and existing medical device development programs. The Embedded OS Platforms Team delivers the core software infrastructure and foundational system components that enable operation of the application software. This role is responsible for advancing reusable DevSecOps frameworks, secure software supply chain practices, embedded Linux security capabilities, and cybersecurity lifecycle processes across multiple products.

The successful candidate will serve as a technical lead who partners with software, systems, product security, quality, regulatory, and program teams to deliver secure, maintainable, and compliant platform solutions.

Key Responsibilities

  • Define and own the DevSecOps architecture and roadmap for embedded capital equipment platforms, including CI/CD pipelines, build infrastructure, security automation, release evidence, and long-term maintainability.
  • Develop and maintain secure embedded platform software, build infrastructure, and reusable automation capabilities.
  • Create and support Yocto-based embedded Linux distributions, BSP software, device drivers, hypervisors, and platform-level OS components.
  • Establish secure software supply chain practices, including SBOM generation, SOUP/OTS component tracking, license awareness, vulnerability monitoring, end-of-support tracking, and remediation workflows.
  • Develop reusable CI/CD templates and pipeline controls for static analysis, software composition analysis, unit test automation, artifact signing, provenance tracking, cybersecurity evidence capture, and release readiness.
  • Lead threat modeling and cybersecurity risk analysis for embedded platform components, including asset identification, attack surface analysis, exploitability assessment, security controls, and traceability to risk mitigations.
  • Drive CVE intake, enrichment, asset mapping, triage, risk scoring, remediation planning, validation, and reporting in partnership with Product Security, SWQA, Systems, and program teams.
  • Design and implement secure boot, firmware signing, cryptographic configuration, key/certificate lifecycle support, authenticated update mechanisms, and secure device communication patterns.
  • Define runtime security monitoring requirements and support post-market cybersecurity monitoring and vulnerability response workflows.
  • Review reported anomalies, assess cybersecurity impact, and support incident-response activities as needed.
  • Support regulatory submissions and audits by ensuring cybersecurity, software lifecycle, and DevSecOps evidence is complete, traceable, reproducible, and aligned with internal quality system expectations.
  • Define platform-level OS and BSP maintenance strategies, including Linux kernel support, Yocto release planning, driver update strategy, patchability, and security update governance across the product lifecycle.
  • Collaborate with external vendors and internal partners to evaluate security tooling, embedded Linux support models, vulnerability intelligence, penetration testing outputs, and long-term maintenance approaches.
  • Provide technical leadership and mentoring to software engineers, DevOps engineers, and platform teams on secure coding, build automation, vulnerability handling, and regulated software development practices.
  • Partner with product teams to define platform capabilities that are reusable, secure, testable, and scalable across multiple capital equipment programs.

Technologies & Tools

  • AMD Zynq and Zynq UltraScale+ SoCs, NVIDIA ORIN, SafeRTOS, FreeRTOS
  • Yocto-based embedded Linux package development
  • Embedded hypervisors, Linux device drivers, BSPs, and boot flows
  • Custom build systems and CI/CD pipelines
  • Docker, Snyk, SonarQube, and software composition analysis tools
  • Static analysis, software composition analysis, artifact signing, and vulnerability management tools
  • Python, Bash, and Go
  • Atlassian tools including Bitbucket, Jira, Bamboo, and Confluence
  • GitHub and GitLab
  • Networking security, secure boot, firmware signing, and secure update technologies

Minimum Qualifications:

  • Bachelor's degree and minimum of 4 years of relevant experience OR Master's degree with a minimum of 2 years relevant experience OR PhD with 0 years relevant experience.

Preferred Qualifications

  • Strong experience in embedded Linux platform development for regulated, safety-critical, or high-reliability products.
  • Hands-on experience with AMD/Xilinx SoC-based embedded systems, including AMD Zynq 7000 series, Zynq UltraScale+, Kria SOM, and the NVIDIA ORIN platform. Experience with real-time operating systems such as SafeRTOS and QNX Neutrino.
  • Experience with Yocto, BSPs, OS layers, kernel configuration, boot flows, device drivers, and embedded platform security.
  • Experience developing or governing DevSecOps practices in regulated medical device, safety-critical, aerospace, automotive, or industrial control environments.
  • Strong understanding of FDA cybersecurity expectations, IEC 62304, ISO 14971, ISO 13485, SOUP/OTS software management, SBOM practices, and software lifecycle evidence generation.
  • Experience implementing security automation in CI/CD pipelines, including SAST, SCA, container scanning, artifact signing, build reproducibility, traceability, and vulnerability reporting.
  • Strong experience with threat modeling, vulnerability assessment, cybersecurity risk analysis, and secure-by-design architecture reviews.
  • Experience with CVE triage methods that include exploitability, asset exposure, configuration applicability, runtime reachability, known exploited vulnerabilities, and remediation validation.
  • Ability to collaborate across hardware, software, systems, product security, quality, regulatory, program management, and product management stakeholders.
  • Demonstrated ability to influence cross-functional engineering and leadership decisions without direct authority.
  • Experience defining reusable platform practices across multiple products, programs, hardware variants, or software release branches.
  • Strong debugging, problem-solving, and root-cause analysis skills.
  • Strong technical communication skills with the ability to translate cybersecurity and DevSecOps risks into actionable engineering and leadership decisions.

TECHNICAL SPECIALIST CAREER STREAM: An individual contributor with responsibility in technical functions to advance existing technology or introduce new technology and therapies. Formulates, delivers, and manages projects assigned, and works with stakeholders to achieve desired results. May act as a mentor to colleagues or direct the work of other professionals. The majority of time is spent delivering R&D, systems, or initiatives related to new technologies or therapies from design to implementation while adhering to policies and using specialized knowledge and skills.

Autonomy: Recognized technical leader who works independently under limited supervision to determine and develop approaches to complex solutions. Provides technical direction, coaching, and review for lower-level specialists and may manage complex projects or processes.

Organizational Impact: Responsible for major workstreams, platform capabilities, or processes within the job area. Contributes to completion of work group and cross-functional objectives by building relationships, aligning stakeholders, and driving consensus on technical direction.

Innovation and Complexity: Addresses difficult and complex problems that require understanding of multiple technical domains, product programs, cybersecurity considerations, and regulated software development expectations. Improves processes, systems, tools, and products to enhance performance, maintainability, security, and compliance.

Communication and Influence: Communicates with senior internal and external stakeholders, customers, and vendors. Exchanges information, statuses, ideas, and technical recommendations to influence decision-making and achieve project and organizational objectives.

Leadership and Talent Management: Provides guidance, coaching, and training to employees within the job area. May lead technical workstreams, delegate technical tasks, and review work products to ensure quality, consistency, and alignment with platform objectives.

Required Knowledge and Experience: Requires a Baccalaureate degree and a minimum of 7 years of relevant experience, or an advanced degree with a minimum of 5 years of relevant experience.

For Baccalaureate degrees earned outside of the United States, a degree that satisfies the requirements of 8 C.F.R. § 214.2(h)(4)(iii)(A) is required.

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. 

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer, and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role.

U.S. Work Authorization & Sponsorship

At Medtronic, we are committed to fostering an environment where employees can thrive and make a meaningful impact. In alignment with our enterprise-wide workforce planning approach, U.S. work authorization sponsorship (H-1B, TN, J, etc.) is offered exclusively for Principal-level roles and above, where specialized expertise aligns with long-term business needs. Roles below the Principal level require candidates to possess unrestricted U.S. work authorization at the time of hire and for the duration of employment.

Join us in our mission to alleviate pain, restore health, and extend life—where your unique background and perspective are valued.

Benefits & Compensation

Medtronic offers a competitive Salary and flexible Benefits Package

A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.

Salary ranges for U.S. (excl. PR) locations (USD): $124,800.00 - $187,200.00

This position is eligible for a short-term incentive called the Medtronic Incentive Plan (MIP).

The following benefits and additional compensation are available to those regular employees who work 20+ hours per week: Health, dental, and vision insurance, Health Savings Account, Healthcare Flexible Spending Account, Life insurance, Long-term disability leave, Dependent daycare spending account, Tuition assistance/reimbursement, and Simple Steps (global well-being program).

The following benefits and additional compensation are available to all regular employees: Incentive plans, 401(k) plan plus employer contribution and match, Short-term disability, Paid time off, Paid holidays, Employee Stock Purchase Plan, Employee Assistance Program, Non-qualified Retirement Plan Supplement (subject to IRS earning minimums), and Capital Accumulation Plan (available to Vice Presidents and above, or subject to IRS earning minimums).

Regular employees are those who are not temporary, such as interns. Temporary employees are eligible for paid sick time, as required under applicable state law, and the Employee Stock Purchase Plan. Please note some of the above benefits may not apply to workers in Puerto Rico.

Further details are available at the link below:

Medtronic benefits and compensation plans

About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people. 
We are engineers at heart — putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.

Learn more about our business, mission, and our commitment to diversity here.

It is the policy of Medtronic to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state or local law. In addition, Medtronic will provide reasonable accommodations for qualified individuals with disabilities.

If you are applying to perform work for Medtronic, Inc. (“Medtronic”) in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here a list of all material job duties of the specific job position which Medtronic reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. Medtronic will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.
