Engineer 3, Product Security
Job Description Summary
Be part of something bigger!
BD is one of the largest global medical technology companies in the world and is advancing the world of health by improving medical discovery, diagnostics and the delivery of care. We have over 65,000 employees and a presence in virtually every country around the world to address some of the most challenging global health issues.
BD MMS Dispensing is currently seeking a Product Security Engineer to supplement our product security team. At BD MMS, you will have the opportunity to improve the security of medical devices and systems that are used to help people live healthy lives.
As a member of the team, this person will be responsible for working with software development teams and other stakeholders to assess potential security vulnerabilities using recognized security standards and provide recommendations on resolving them. The qualified candidate must also have knowledge of Microsoft operating systems (endpoints and servers) as well as techniques and standards for security hardening (NIST SP 800-53, ISO/IEC 27001, OWASP, etc.). Potential candidates must be able to apply technical expertise and diagnostic skill to the evaluation of security vulnerabilities in combination with experience in security risk management to develop maintainable technical solutions. A successful candidate will thrive on working with other software engineers in a dynamic and collaborative development environment where meeting project goals and delivering quality is key. Software coding is not required as part of the position’s responsibilities.
- Deliver Product Security Management Framework (PSMF) product security deliverables in support of new product development and sustaining product development programs.
- Assist in creating security documentation including Incident and Vulnerability Management Plans and Product Security White Papers.
- Lead product security risk assessments, threat modeling, security architecture assessment, and provide vulnerability remediation guidance to product development software engineers.
- Evaluate and provide guidance on implementing software and OS security solutions in accordance with industry accepted standards for medical devices including: encryption, recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and antivirus/anti-malware.
- Apply and guide development teams on secure software engineering procedures and training for vulnerability scanning and static code analysis tools.
- Assist teams in planning, test environment setup, and scoping for product penetration testing, and work with BD penetration test team to follow-up with product teams on outcomes of penetration testing and associated remediations of findings.
- Support development teams in integrating tools for automated testing of software vulnerabilities and verification of OS security patches.
- Participate on product security incident response teams as appropriate, including troubleshooting and leading/participating in security investigations.
- Participate in technical design reviews and code inspections (as needed) and provide clear, actionable feedback for project team members, including demonstrating proper coding practices.
- Work with the project teams to develop vital requirements, specifications and testing scope for OS configuration and patch verification for products.
- Ensure quality in security test deliverables, including design, data summary and interpretation, report and document preparation and review for adherence to applicable regulations.
- Minimum of a Bachelor’s Degree in Electrical Engineering, Computer Science or related technical or engineering field.
- 3+ years of experience in software development in Agile / Scrum development lifecycle.
- 5+ years of experience in product development within a quality management system.
- Experience with configuration and use of static code analysis and vulnerability scanning tools.
- Knowledge of Windows networking fundamentals and experience with TCP/IP and sockets.
- Knowledge of cloud-based security solutions (e.g. Azure, AWS).
- Proven positive work ethic with a strong dedication to achieving project goals.
- Excellent written and oral communication skills are crucial.
- Knowledge of information security standards for product development.
- 2 years of experience in medical devices / regulated environment.
- Product Security related certification(s).
- Experience with a formal DevSecOps environment.
Click on Apply if this sounds like you!
Why join us?
A career at BD means being part of a team that values your opinions and contributions and that empowers you to bring your authentic self to work. Here our associates can fulfill their life’s purpose through the work that they do every day.
You will learn and work alongside inspirational leaders and colleagues who are equally passionate and committed to fostering an inclusive, growth-centered, and rewarding culture. Our Total Rewards program — which includes competitive pay, benefits, continuous learning, recognition, career growth, and life balance components — is designed to support the varying needs of our diverse and global associates.
To learn more about BD visit https://jobs.bd.com/
Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.
Primary Work Location: USA CA - San Diego TC Bldg C&D
"Purpose driven company where associates work every day to make healthcare better. A lot of great initiatives going on to make BD the best MedTech company in the world."
Anonymous, Franklin Lakes, NJ