We anticipate the application window for this opening will close on - 30 Apr 2026

At MiniMed, you can begin a lifelong career of exploration and innovation, while helping make a difference in the lives of people living with diabetes around the globe. You'll lead with purpose, breaking down barriers to innovation for a more connected, compassionate world.

About the Role

The Cloud Product Cybersecurity Engineer is responsible for integrating cybersecurity into the design, development, manufacturing, and lifecycle management of Minimed’s therapy management systems and connected healthcare technologies.

This role partners with R&D, software engineering, regulatory affairs, quality assurance, and enterprise security teams to ensure products are designed and maintained with strong security controls and comply with applicable FDA cybersecurity guidance, ISO 27001, NIST, and other cybersecurity frameworks.
The engineer will support secure product architecture, threat modeling, vulnerability management, and secure software development practices while ensuring medical device cybersecurity risks are effectively identified, assessed, and mitigated.

Responsibilities may include the following and other duties may be assigned.

Secure Product Development

• Embed cybersecurity requirements into the medical device product lifecycle (SDLC).

• Define and implement secure design principles for cloud-based software as a medical device and non-medical cloud products.

• Conduct secure architecture reviews for new products and product updates.

• Partner with engineering teams to integrate security into DevOps / DevSecOps pipelines.

• Configure and maintain Cloud Monitoring and CNAPP platforms on cloud products.

• Define and enforce secure baseline standards for Amazon Machine Images (AMIs)

• Ensure all AMIs include hardened OS configurations, EDR agents, logging, and telemetry configurations aligned with SOC monitoring requirements

• Establish secure container base image standards (minimal OS, distroless, hardened images)

• Enforce runtime security controls across Kubernetes/ECS environments

Threat Modeling & Risk Management

• Conduct threat modeling exercises for medical device architectures.

• Perform cybersecurity risk assessments aligned with recognized risk management processes.

• Identify attack surfaces including:

• Mobile or cloud applications

• Network integrations

• Develop mitigation strategies and security control recommendations.

Vulnerability Management

• Coordinate product vulnerability scanning and penetration testing.

• Manage vulnerabilities in accordance with coordinated vulnerability disclosure (CVD) processes.

• Assess vulnerability impact on deployed medical devices.

• Work with engineering teams to develop secure patches and remediation plans.

• Support vulnerability intelligence monitoring (e.g., CVE, NVD, ICS-CERT advisories).

Security Testing & Validation

• Conduct static and dynamic code analysis

• Support penetration testing and red-team activities

• Validate device security controls including:

• authentication mechanisms

• encryption implementations

• network protections

• Container build time and runtime scans

• Ensure security controls are validated during verification and validation (V&V) processes.

Security Monitoring & Incident Response

• Support product security monitoring capabilities for connected devices.

• Assist in investigating potential product cybersecurity incidents.

• Participate in post-market surveillance and vulnerability response processes.

• Collaborate with enterprise SOC teams when product threats intersect with corporate infrastructure.

Cross-Functional Collaboration

Work closely with:

• Product Engineering

• Privacy and Compliance Teams

• Security Operations

• Cloud and Infrastructure Security teams

The role ensures enterprise security capabilities are leveraged to protect products, while maintaining separation between enterprise IT security and product security requirements.

Required Knowledge and Experience:

Requires a Bachelors degree and minimum of 7 years of relevant experience, or advanced degree with a minimum of 5 years relevant experience.

Preferred Experience:

• Degree in Computer Science, Cybersecurity, Electrical Engineering, Software Engineering, or related field

• 7+ years in cybersecurity engineering, application security, or embedded security

• Experience working with embedded systems or IoT devices

• Experience with secure software development lifecycle (SSDLC)

• Secure coding practices (C/C++, Python, Java, or similar)

• Network security protocols (TLS, VPN, secure communication)

• Cryptographic implementations

• Threat modeling methodologies

• Security testing tools (SAST, DAST, fuzzing)

• Vulnerability management and remediation

• Experience with SBOM generation tools

• Familiarity with healthcare interoperability standards (HL7, FHIR, DICOM)

• CISSP, CSSLP, GIAC GICSP, CEH, and/or Certified Medical Device Cybersecurity Professional

The base salary range is applicable across the United States, excluding Puerto Rico and specific locations in California. The offered rate complies with federal and local regulations and may vary based on factors such as experience, certification/education, market conditions, and location. Compensation and benefits information pertains solely to candidates hired within the United States (local market compensation and benefits will apply for others).

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.

The physical demands described within the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential functions. For Office Roles: While performing the duties of this job, the employee is regularly required to be independently mobile. The employee is also required to interact with a computer and communicate with peers and co-workers. Contact your manager or local HR to understand the Work Conditions and Physical requirements that may be specific to each role.

Benefits & Compensation

MiniMed offers a competitive salary and flexible benefits package

At MiniMed, we put people first. A commitment to our employees lives at the core of our values: We recognize their contributions. They share in the success they help create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every stage of your career and life.

Salary ranges for U.S (excl. PR) locations (USD):$150,400.00 - $225,600.00

This position is eligible for a short-term incentive called the Short Term Incentive (STI).

At MiniMed, we are committed to supporting the well-being and financial security of our employees. Regular employees working 20 or more hours per week are eligible for a robust benefits package, including health, dental, and vision insurance, as well as access to a Health Savings Account, Healthcare Flexible Spending Account, life insurance, long-term disability leave, and a dependent daycare spending account. In addition, all regular employees enjoy incentive plans, a 401(k) plan with company match, short-term disability coverage, paid time off and holidays, participation in our Employee Stock Purchase Plan, and access to our Employee Assistance Program. Eligible employees may also benefit from our Non-qualified Retirement Plan Supplement and Capital Accumulation Plan, subject to IRS minimum earnings requirements. Please note that “regular employees” refers to those who are not temporary staff, such as interns, and some benefits may not apply to employees in Puerto Rico.

MiniMed Benefits Overview

About MiniMed

MiniMed is a full-stack insulin delivery company dedicated to supporting people living with diabetes through every step of their journey — when and how they need it. For more than 40 years, we’ve been committed to redefining what’s possible: intelligent dosing systems designed for real life, predictive insights that stay a step ahead, and always on support when it’s needed most. At the heart of everything we do is a simple Mission: to make every day a better day for people with diabetes.

It is the policy of MiniMed to provide equal employment opportunity (EEO) to all persons regardless of age, color, national origin, citizenship status, physical or mental disability, race, religion, creed, gender, sex, sexual orientation, gender identity and/or expression, genetic information, marital status, familial status, membership or activity in a local human rights commission, status with regard to public assistance, veteran status, or any other characteristic protected by federal, state, or local law. In addition, MiniMed will provide reasonable accommodations for qualified individuals with disabilities.

If you are applying to perform work for MiniMed in any position which will involve performing at least two (2) hours of work on average each week within the unincorporated areas of Los Angeles County, you can find here a list of all material job duties of the specific job position which MiniMed reasonably believes that criminal history may have a direct, adverse and negative relationship potentially resulting in the withdrawal of a conditional offer of employment. MiniMed will consider for employment qualified job applicants with arrest or conviction records in accordance with the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act.