Sr DevSecOps Engineer
at Medtronic
Job description
We anticipate the application window for this opening will close on 4 Jul 2026.

At Medtronic you can begin a life-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world.

A Day in the Life

The Sr DevSecOps Engineer defines, implements, and governs secure embedded software platform practices for regulated medical device programs. This role provides technical leadership across CI/CD automation, embedded Linux security, software supply chain controls, vulnerability management, cybersecurity risk analysis, and release evidence generation to support safe, secure, and compliant medical device development.

The Sr DevSecOps Engineer will join the Embedded OS Platforms Team to lead secure embedded platform enablement for new and existing medical device development programs. The Embedded OS Platforms Team delivers the core software infrastructure and foundational system components that enable operation of the application software.

This role is responsible for advancing reusable DevSecOps frameworks, secure software supply chain practices, embedded Linux security capabilities, and cybersecurity lifecycle processes across multiple products. The successful candidate will serve as a technical lead who partners with software, systems, product security, quality, regulatory, and program teams to deliver secure, maintainable, and compliant platform solutions.

Key Responsibilities

- Define and own the DevSecOps architecture and roadmap for embedded capital equipment platforms, including CI/CD pipelines, build infrastructure, security automation, release evidence, and long-term maintainability.
- Develop and maintain secure embedded platform software, build infrastructure, and reusable automation capabilities.
- Create and support Yocto-based embedded Linux distributions, BSP software, device drivers, hypervisors, and platform-level OS components.
- Establish secure software supply chain practices, including SBOM generation, SOUP/OTS component tracking, license awareness, vulnerability monitoring, end-of-support tracking, and remediation workflows.
- Develop reusable CI/CD templates and pipeline controls for static analysis, software composition analysis, unit test automation, artifact signing, provenance tracking, cybersecurity evidence capture, and release readiness.
- Lead threat modeling and cybersecurity risk analysis for embedded platform components, including asset identification, attack surface analysis, exploitability assessment, security controls, and traceability to risk mitigations.
- Drive CVE intake, enrichment, asset mapping, triage, risk scoring, remediation planning, validation, and reporting in partnership with Product Security, SWQA, Systems, and program teams.
- Design and implement secure boot, firmware signing, cryptographic configuration, key/certificate lifecycle support, authenticated update mechanisms, and secure device communication patterns.
- Define runtime security monitoring requirements and support post-market cybersecurity monitoring and vulnerability response workflows.
- Review reported anomalies, assess cybersecurity impact, and support incident-response activities as needed.
- Support regulatory submissions and audits by ensuring cybersecurity, software lifecycle, and DevSecOps evidence is complete, traceable, reproducible, and aligned with internal quality system expectations.
- Define platform-level OS and BSP maintenance strategies, including Linux kernel support, Yocto release planning, driver update strategy, patchability, and security update governance across the product lifecycle.
- Collaborate with external vendors and internal partners to evaluate security tooling, embedded Linux support models, vulnerability intelligence, penetration testing outputs, and long-term maintenance approaches.
- Provide technical leadership and mentoring to software engineers, DevOps engineers, and platform teams on secure coding, build automation, vulnerability handling, and regulated software development practices.
- Partner with product teams to define platform capabilities that are reusable, secure, testable, and scalable across multiple capital equipment programs.

Technologies & Tools

- AMD Zynq and Zynq UltraScale+ SoCs, NVIDIA ORIN, SafeRTOS, FreeRTOS
- Yocto-based embedded Linux package development
- Embedded hypervisors, Linux device drivers, BSPs, and boot flows
- Custom build systems and CI/CD pipelines
- Docker, Snyk, SonarQube, and software composition analysis tools
- Static analysis, software composition analysis, artifact signing, and vulnerability management tools
- Python, Bash, and Go
- Atlassian tools including Bitbucket, Jira, Bamboo, and Confluence
- GitHub and GitLab
- Networking security, secure boot, firmware signing, and secure update technologies

Minimum Qualifications

Bachelor's degree and minimum of 4 years of relevant experience OR Master's degree with a minimum of 2 years relevant experience OR PhD with 0 years relevant experience.

Preferred Qualifications

- Strong experience in embedded Linux platform development for regulated, safety-critical, or high-reliability products.
- Hands-on experience with AMD/Xilinx SoC-based embedded systems, including AMD Zynq 7000 series, Zynq UltraScale+, Kria SOM, and the NVIDIA ORIN platform.
- Experience with real-time operating systems such as SafeRTOS and QNX Neutrino.
- Experience with Yocto, BSPs, OS layers, kernel configuration, boot flows, device drivers, and embedded platform security.
- Experience developing or governing DevSecOps practices in regulated medical device, safety-critical, aerospace, automotive, or industrial control environments.
- Strong understanding of FDA cybersecurity expectations, IEC 62304, ISO 14971, ISO 13485, SOUP/OTS software management, SBOM practices, and software lifecycle evidence generation.
- Experience implementing security automation in CI/CD pipelines, including SAST, SCA, container scanning, artifact signin