Principle Cybersecurity Specialist

Original Post

At Medtronic you can begin a life\-long career of exploration and innovation, while helping champion healthcare access and equity for all. You’ll lead with purpose, breaking down barriers to innovation in a more connected, compassionate world. **A Day in the Life** ===================== The Principal Application Security Specialist is a technical leader responsible for securing the software development lifecycle (SDLC) with a strong emphasis on GitLab\-based development environments and CI/CD pipelines. This role partners engineering, DevOps, cloud, and security teams to design, implement, and mature secure\-by\-design practices across build, test, and deployment workflows. This role will leverage GitLab’s native security capabilities within the development pipeline to identify security requirements. The GitLab Application Security Engineer will enable efficient and secure software delivery across business and Global IT, directly supporting ongoing initiatives in AI and automation **Responsibilities may include the following and other duties may be assigned.** * Embed and refine security controls in GitLab CI/CD pipelines. * Automate testing (SAST/DAST/SCA, container scans, secrets detection) in pipelines. * Set and enforce secure pipeline standards, guardrails, and policies. * Architect and secure GitLab (runners, projects, configs, permissions). * Ensure secure use of GitLab runners, including isolation, ephemeral runners, and hardened execution environments. * Build and maintain security automation integrated into pipelines. * Develop reusable pipeline templates and security modules. * Implement policy\-as\-code and automated compliance validation. * Analyze pipeline and application security findings and drive remediation with engineering teams. * Prioritize vulnerabilities based on risk, exploitability, and business impact. * Track and report security posture of applications and pipelines. * Serve as the primary security advisor to DevOps and platform engineering teams. * Work with cloud and infrastructure teams to secure containerized and Kubernetes\-based deployments. * Investigate pipeline or code repository compromise scenarios. * Develop detection mechanisms for suspicious CI/CD activity. * Support response to software supply chain incidents. **Required Knowledge and Expertise:** * 12\+ years of experience in application security, DevSecOps, or cloud security. * Deep expertise with GitLab (administration, CI/CD pipelines, runners, security features). * Strong experience securing CI/CD platforms and software supply chains. * Experience integrating tools such as: + SAST, DAST, SCA, Container security management, secrets management * Experience with NIST, OWASP, Secure SDLC **Nice To Have:** * Strongly Preferred: + Proficiency with: IAAC, Containers, Kubernetes, Cloud Platforms (AWS, Azure, GCP) + Experience with DevSecOps practices and tools in a cloud\-native environment (AWS, Azure, GCP). + Experience working in Agile or DevOps environments. Strong scripting or programming skills (Python, Go, Bash, or similar). CISSP, CSSLP, CKS (Kubernetes Security Specialist) + **Physical Job Requirements** The above statements are intended to describe the general nature and level of work being performed by employees assigned to this position, but they are not an exhaustive list of all the required responsibilities and skills of this position. **Benefits \& Compensation** ============================ **Medtronic offers a competitive Salary and flexible Benefits Package** A commitment to our employees lives at the core of our values. We recognize their contributions. They share in the success they help to create. We offer a wide range of benefits, resources, and competitive compensation plans designed to support you at every career and life stage. This position is eligible for a short\-term incentive called the Medtronic Incentive Plan (MIP). **About Medtronic** =================== We lead global healthcare technology and boldly attack the most challenging health problems facing humanity by searching out and finding solutions. Our Mission — to alleviate pain, restore health, and extend life — unites a global team of 95,000\+ passionate people. We are engineers at heart— putting ambitious ideas to work to generate real solutions for real people. From the R\&D lab, to the factory floor, to the conference room, every one of us experiments, creates, builds, improves and solves. We have the talent, diverse perspectives, and guts to engineer the extraordinary. Learn more about our business, mission, and our commitment to diversity here