Job Description Summary

The Product Cyber Security Engineer is a hands‑on, execution‑focused role responsible for strengthening and scaling Product Security capabilities across software‑enabled and connected products. This role partners closely with R&D, Software Engineering, DevOps, Quality, Systems Engineering, and Regulatory teams to ensure cybersecurity risks are proactively identified, documented, mitigated, and tracked throughout the product lifecycle.
The engineer owns and delivers core Product Security artifacts required by Product Security procedures, including threat models, cybersecurity risk assessments, vulnerability management evidence, SBOMs, and patch verification documentation. The role plays a critical part in sustaining regulatory compliance, enabling secure product releases, and maintaining customer trust by integrating cybersecurity into design controls, risk management, and release readiness processes.
This position is ideal for a security engineer who thrives in regulated, documentation‑heavy environments, brings strong execution discipline, and is motivated to standardize, streamline, and scale repeatable Product Security activities across multiple products while maintaining high quality and audit readiness.

Job Description

We are the makers of possible 

BD is one of the largest global medical technology companies in the world. Advancing the world of health™ is our Purpose, and it’s no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities. 

We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you’ll be supported to learn, grow and become your best self. Become a maker of possible with us. 

We are seeking a Product Cyber Security Engineer to strengthen and scale our Product Security capabilities across software enabled and connected products. This role will directly supplement and partner with existing Product Security ‑engineers, and will assume ownership of core cybersecurity deliverables required by our Product Security procedures.

The successful candidate will work closely with R&D, Software Engineering, DevOps, DevSecOps, Systems Engineering, Quality, and Regulatory teams to ensure that cybersecurity risks are identified, documented, mitigated, and tracked throughout the product lifecycle. This role is hands-on, execution‑ focused‑, and critical to sustaining regulatory compliance, product readiness, and customer trust.

Key Responsibilities

Product Cybersecurity Planning & Execution

• Partner with product teams to define, execute, and maintain Product Security activities and deliverables for new development, major releases, and sustaining changes, in alignment with Product Security procedures.

• Contribute to and maintain Product Security Management Plans and associated Product Security Management Files, ensuring all required cybersecurity activities are planned, traceable, and audit ready‑.

• Support integration of Product Security activities into design control, risk management, and release readiness processes.

Threat Modeling & Risk Assessment

• Lead or support creation and maintenance of product threat models, including identification of assets, data flows, trust boundaries, threats, and mitigations.

• Perform or support cybersecurity risk assessments, including requirements gap analysis, CVSS-based‑ vulnerability scoring, and residual risk evaluation.

• Document unresolved or accepted cybersecurity risks in Product Cybersecurity Risk Summary Reports for release decisions.

Vulnerability Management & Security Testing

• Coordinate and support security testing activities, including:

  • Static code analysis

  • Open source and third‑-‑party dependency analysis

  • Vulnerability scanning and third-party‑ security assessments

• Review vulnerability findings, work with engineering teams on remediation strategies, and ensure results are properly documented and tracked.

• Support incident and vulnerability management workflows, including evidence generation for audits and regulatory reviews.

Patch Management & Verification

• Support development and maintenance of product specific‑ patch management approaches, aligned with Product Security guidance.

• Author or review Security Patch Verification Protocols and Security Patch Verification Reports to document testing and verification of security updates.

Software Bill of Materials (SBOM)

• Co-own creation, validation, and lifecycle maintenance of Software Bills of Materials (SBOMs) for software‑ enabled‑ products.

• Ensure SBOMs support vulnerability monitoring, regulatory expectations, and internal Product Security processes.

Metrics, Tracking & Operationalization

• Support tracking and reporting of product security metrics, including vulnerability status, remediation progress, and release readiness.

• Contribute to operational dashboards, work item tracking, and reporting mechanisms used by Product Security leadership.

• Help standardize and scale Product Security execution across multiple products and teams.

Cross-Functional‑ Collaboration & Guidance

• Act as a Product Security subject matter‑ expert for R&D, DevOps, Quality, Regulatory, and other partners.

• Provide guidance on secure design practices, vulnerability remediation, and compliance expectations.

• Support internal reviews, audits, and regulatory interactions related to product cybersecurity.

Required Qualifications

• Bachelor’s degree in Computer Science, Software Engineering, Cybersecurity, or related technical field, or equivalent practical experience.

• 3+ years of experience in software engineering, product security, cybersecurity engineering, or a closely related role.

• Hands-‑on experience with product or application security, including vulnerability assessment, threat modeling, and secure development practices.

• Demonstrated ability to execute efficiently in complex, documentation-‑heavy environments.

• Bias toward working smarter, leveraging existing tools, automation, and modern engineering practices to reduce manual effort and cycle time.

• Comfortable identifying opportunities to streamline, standardize, and scale repeatable security activities without sacrificing quality or compliance.

• Working knowledge of software vulnerability management, including CVSS scoring, remediation workflows, and risk acceptance.

• Experience producing or supporting formal security deliverables (e.g., threat models, risk assessments, vulnerability reports, SBOMs).

• Strong written communication skills, with experience creating clear, structured technical documentation suitable for audits and regulatory review.

Preferred Qualifications

• Experience working in a regulated environment (medical devices, life sciences, healthcare software, or similar).

• Familiarity with secure development lifecycle (SDL) concepts and integration of security into design controls.

• Experience with opensource dependency analysis, static code analysis tools, or third‑-‑party security assessments.

• Exposure to Product Security Management frameworks, risk management files, or cybersecurity SOPs.

• Understanding of regulatory expectations for product cybersecurity (e.g., FDA, EU MDR/IVDR, or similar).

• Experience supporting security metrics, dashboards, or operational reporting.

At BD, we prioritize on-site collaboration because we believe it fosters creativity, innovation, and effective problem-solving, which are essential in the fast-paced healthcare industry. For most roles, we require a minimum of 4 days of in-office presence per week to maintain our culture of excellence and ensure smooth operations, while also recognizing the importance of flexibility and work-life balance. Remote or field-based positions will have different workplace arrangements which will be indicated in the job posting.

For certain roles at BD, employment is contingent upon the Company’s receipt of sufficient proof that you are fully vaccinated against COVID-19. In some locations, testing for COVID-19 may be available and/or required. Consistent with BD’s Workplace Accommodations Policy, requests for accommodation will be considered pursuant to applicable law.

Why Join Us?

A career at BD means being part of a team that values your opinions and contributions and that encourages you to bring your authentic self to work. It’s also a place where we help each other be great, we do what’s right, we hold each other accountable, and learn and improve every day.  

To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you’ll discover a culture in which you can learn, grow, and thrive. And find satisfaction in doing your part to make the world a better place.  

To learn more about BD visit https://bd.com/careers

Becton, Dickinson, and Company is an Equal Opportunity Employer. We evaluate applicants without regard to race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, and other legally-protected characteristics.

Required Skills

Optional Skills

.

Primary Work Location

USA OR Ashland - FlowJo

Additional Locations

Work Shift

At BD, we are strongly committed to investing in our associates—their well-being and development, and in providing rewards and recognition opportunities that promote a performance-based culture. We demonstrate this commitment by offering a valuable, competitive package of compensation and benefits programs which you can learn more about on our Careers Site under Our Commitment to You.

Salary or hourly rate ranges have been implemented to reward associates fairly and competitively, as well as to support recognition of associates’ progress, ranging from entry level to experts in their field, and talent mobility. There are many factors, such as location, that contribute to the range displayed. The salary or hourly rate offered to a successful candidate is based on experience, education, skills, and any step rate pay system of the actual work location, as applicable to the role or position. Salary or hourly pay ranges may vary for Field-based and Remote roles.

Salary Range Information

$92,700.00 - $152,900.00 USD Annual