Job ID R-398007 Date posted 05/05/2021 Apply

Engineer 3, Product Security

Job Description Summary

Job Description

Be part of something bigger!

BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. We have over 65,000 employees and a presence in virtually every country around the world to address some of the most challenging global health issues.

BD MMS Dispensing is currently seeking a Product Security Engineer to supplement our product security team.  At BD MMS, you will have the opportunity to improve the security of medical devices and systems that are used to help people live healthy lives. 

As a member of the team, this person will be responsible for working with software development teams and other stakeholders to assess potential security vulnerabilities using recognized security standards and provide recommendations on resolving them. The qualified candidate must also have knowledge of Microsoft operating systems (endpoints and serves) as well as techniques and standards for security hardening (NIST SP 800-53, ISO/IEC 27001, OWASP, etc.). Potential candidates must be able to apply technical expertise and diagnostic skill to the evaluation of security vulnerabilities in combination with experience in security risk management to develop maintainable technical solutions. A successful candidate will thrive on working with other software engineers in a dynamic and collaborative development environment where meeting project goals and delivering quality is key. Software coding is not required as part of the position’s responsibilities.

Responsibilities:

  • Deliver Product Security Management Framework (PSMF) product security deliverables in support of new product development and sustaining product development programs.
  • Assist in creating security documentation including Incident and Vulnerability Management Plans and Product Security White Papers.
  • Lead product security risk assessments, threat modeling, security architecture assessment, and provide vulnerability remediation guidance to product development software engineers.
  • Evaluate and provide guidance on implementing software and OS security solutions in accordance with industry accepted standards for medical devices including: encryption, recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and antivirus/anti-malware.
  • Apply and guide development teams on secure software engineering procedures and training for vulnerability scanning and static code analysis tools.
  • Assist teams in planning, test environment setup, and scoping for product penetration testing, and work with BD penetration test team to follow-up with product teams on outcomes of penetration testing and associated remediations of findings.
  • Support development teams in integrating tools for automated testing of software vulnerabilities and verification of OS security patches.
  • Participate on product security incident response teams as appropriate, including troubleshooting and leading/participating in security investigations
  • Participate in technical design reviews and code inspections (as needed) and provide clear, actionable feedback for project team members, including demonstrating proper coding practices.
  • Work with the project teams to develop vital requirements, specifications and testing scope for OS configuration and patch verification for products.
  • Ensure quality in security test deliverables, including design, data summary and interpretation, report and document preparation and review for adherence to applicable regulations.

Qualifications:

Required

  • Minimum of a Bachelor’s Degree in Electrical Engineering, Computer Science or related technical or engineering field.
  • 3+ years of experience in software development in Agile / Scrum development lifecycle.
  • 5+ years of experience in product development within a quality management system.
  • Experience with configuration and use of static code analysis and vulnerability scanning tools.
  • Knowledge of Windows networking fundamentals and experience with TCP/IP and sockets.
  • Knowledge of cloud-based security solutions (e.g. Azure, AWS)
  • Proven positive work ethic with a strong dedication to achieving project goals.
  • Excellent written and oral communication skills are crucial.

Preferred

  • Knowledge of information security standards for product development.
  • 2 years of experience in medical devices / regulated environment.
  • Product Security related certification(s)
  • Experience with a formal DevSecOps environment

Click on Apply if this sounds like you!

Why join us?

A career at BD means being part of a team that values your opinions and contributions and that empowers you to bring your authentic self to work. Here our associates can fulfill their life’s purpose through the work that they do every day.

You will learn and work alongside inspirational leaders and colleagues who are equally passionate and committed to fostering an inclusive, growth-centered, and rewarding culture. Our Total Rewards program — which includes competitive pay, benefits, continuous learning, recognition, career growth, and life balance components — is designed to support the varying needs of our diverse and global associates.

To learn more about BD visit https://jobs.bd.com/

Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.

Primary Work Location

USA CA - San Diego TC Bldg C&D

Additional Locations

Work Shift

Apply

Working in

San Diego TC Bldg C&D

Take a look at the map to see what's nearby.

Working in

San Diego TC Bldg C&D

Take a look at the map to see what's nearby.

Recommend
to a friend

Approve
of CEO

"Purpose driven company where associates work every day to make healthcare better. A lot of great initiatives going on to make BD the best MedTech company in the world."
Anonymous, Franklin Lakes, NJ

Don’t miss out

Receive customized job alerts based on your function and/or location search criteria.

Interested inSelect a job category from the list of options. Search for a location and select one from the list of suggestions. Finally, click “Add” to create your job alert.

Join our talent pool

Upload your resume to help our recruiters match you to the right job. They'll be in touch if they find a good fit.

BD Fraud Notice

Please be aware of potentially fraudulent job postings on other websites or suspicious recruiting email or text messages that attempt to collect your confidential information. If you are concerned that an offer of employment with BD, CareFusion or C.R. Bard might be a scam, please verify by searching for the posting on the careers page or contact us at ASC.Americas@bd.com. For more information click here.