At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

As a Senior Attack Surface Reduction Specialist, you will play a critical role in developing and executing strategies to minimize the potential points of attack across the organization's technology infrastructure. You will lead efforts to identify vulnerabilities, reduce exposure, and enhance the security posture of both on-premises and cloud environments. This senior-level position demands a deep understanding of cybersecurity, extensive experience with threat management, and a strong focus on proactive defense strategies.

• Lead the design, implementation, and continuous improvement of attack surface reduction strategies across the organization’s IT assets.
• Develop and enforce security policies, processes, and standards to mitigate risk across the attack surface.
• Collaborate with senior leadership and cross-functional teams to integrate attack surface reduction principles into the overall security strategy.

Responsibilities may include the following and other duties may be assigned.

• Direct the creation of policies, standards, and procedures for network and information security, ensuring compliance with industry best practices.
• Oversee the implementation of security controls and technologies (e.g., firewalls, intrusion detection systems, endpoint protection, DLP, etc.) to enhance the organization’s overall cyber defense posture.
• Lead a team of cybersecurity professionals to implement defensive measures, conduct incident response, and mitigate potential risks.
• lead efforts to identify and assess vulnerabilities in network, infrastructure, and applications using a variety of vulnerability scanning tools.
• Perform risk-based prioritization of vulnerabilities based on business impact, exploitability, and criticality.
• Collaborate with internal teams (IT, DevOps, Security, etc.) to ensure timely and effective remediation of identified vulnerabilities.
• Track remediation efforts, ensuring that vulnerabilities are patched or mitigated according to defined timelines.
• Develop risk mitigation plans for unpatchable vulnerabilities and coordinate with stakeholders on alternative risk controls.
• Prepare and deliver detailed vulnerability reports to senior management, business stakeholders, and compliance auditors.
• Provide recommendations for mitigating high-risk vulnerabilities and improving overall security posture.
• Regularly update leadership on the status of the vulnerability management program, key risks, and progress on remediation efforts.
• Continuously evaluate and improve vulnerability management processes, tools, and methodologies to enhance efficiency and effectiveness
• Advocate for and implement automation of vulnerability scanning, reporting, and remediation workflows to reduce manual effort and increase operational scalability.
• Ensure vulnerability management activities align with internal security policies, industry standards, and regulatory requirements (e.g., GDPR, HIPAA, NIST, CIS).
• Participate in audits and assessments related to vulnerability management and report findings to appropriate stakeholders.
• Maintain records and documentation of vulnerability management activities for compliance purposes.
• Partner with other security teams (e.g., Incident Response, Threat Intelligence, Risk Management) to enhance vulnerability management processes.
• Engage with external vendors, service providers, and threat intelligence organizations to stay ahead of emerging vulnerabilities and threats.
• Manage and refine vulnerability scanning and assessment processes to ensure comprehensive coverage.

As a Senior Attack Surface Reduction Specialist, you will play a critical role in developing and executing strategies to minimize the potential points of attack across the organization's technology infrastructure. You will lead efforts to identify vulnerabilities, reduce exposure, and enhance the security posture of both on-premises and cloud environments. This senior-level position demands a deep understanding of cybersecurity, extensive experience with threat management, and a strong focus on proactive defense strategies.

• Lead the design, implementation, and continuous improvement of attack surface reduction strategies across the organization’s IT assets.
• Develop and enforce security policies, processes, and standards to mitigate risk across the attack surface.
• Collaborate with senior leadership and cross-functional teams to integrate attack surface reduction principles into the overall security strategy.

Minimum Qualifications

• 7+ years of experience
• Experience in risk management, risk assessments, and risk prioritization
• Strong understanding of Cyber Security NIST frameworks
• Strong communication skills to upper management and leadership
• Strong ability to collaborate with other IT organizations and business partners
• Experience managing a third-party vendor contracts
• Expert in agile work processes

Preferred Qualifications

• Strongly Preferred:
  • Specialized training on managing and communicating top secret/confidential information
  • Certifications in information security, CISSP
• High degree of ‘learning agility’ with the ability to readily consume and apply new information and concepts with developed analytical problem-solving skills.
• Strong business acumen, decision making, and influence skills across all levels of an organization.
• Experience in business capability and process modeling
• Excellent leadership and teamwork skills
• Strong results orientation (driving to deadlines, financial targets, project goals, etc.)
• Demonstrated ability to work in a global, virtual organization.
• Excellent presentation skills, including the ability to translate technical information into business terms (e.g., ability to explain complex technical solutions and architecture strategies to non-technical resources)
• Knowledge in user experience modeling, information design, and concept generation.
• Technology depth and credibility with technical staff.
• Work experience in the Medical Device Industry, or other regulated industry.
• Ability to mentor and develop business, architecture, and technical resources.

Physical Job Requirements

The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position.

Benefits & Compensation

Medtronic offers a competitive Salary and flexible Benefits Package
A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage.

About Medtronic

We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions.
Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000+ passionate people.
We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary.

Learn more about our business, mission, and our commitment to diversity here