Job Description Summary Security is the key component across all products we develop, and we must continually ensure the security mindset culture and philosophy is integrated into all security practices within our development processes.
Ensuring security and privacy for our customers, clients and their patients is a key mantra in all our work.
We achieve this by making everyone accountable for security and strive to continually enhance and improve our Security mindset culture.
We require and encourage collaboration and Candor between teams and management and you should be a positive, forward-looking individual.
This role provides the scope to lead and enhance security for our next generation of products, while ensuring the current products are kept secure, to deal with the constant changes in the threat landscape.
Job Description We are the makers of possible BD is one of the largest global medical technology companies in the world.
Advancing the world of health is our Purpose, and it's no small feat.
It takes the imagination and passion of all of us-from design and engineering to the manufacturing and marketing of our billions of MedTech products per year-to look at the impossible and find transformative solutions that turn dreams into possibilities.
Why join us? A career at BD means learning and working alongside inspirational leaders and colleagues who are equally passionate and committed to fostering an inclusive, growth-centered, and rewarding culture.
You will have the opportunity to help shape the trajectory of BD while leaving a legacy at the same time.
To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do.
We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you'll discover a culture in which you can learn, grow and thrive. And find satisfaction in doing your part to make the world a better place.
Become a maker of possible with us About the role:
As the Product Security Engineer you will be responsible for the implementation of security requirements and secure coding standards, e.g., NIST SP 800-53, OWASP, and MS Secure Coding Standards.
Evaluate product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and static and dynamic code analysis tools.
In addition to defining security requirement for new product development, the role requires you to support teams in the remediating vulnerabilities with existing products.
Day to day primary responsibilities include leadership in enhancing demonstrating and creating alignment with the extended team within BD, suppliers/partners and with the larger BD organization of resources and experts.
You will participate in a full medical software development life cycle and adhere to a well-defined quality management system and Product Security Development Framework.
Main responsibilities will include:
Support teams in reducing product risk, by finding practical solutions on how to increase security in new and existing products Work in a team supporting R&D in implementing secure software solutions by ensuring architecture is in accordance with industry accepted standards for medical device security including encryption, disaster recovery, authentication, audit logging, hardening measures, patch management, and vulnerability monitoring.
Assist in product security risk assessments and provide vulnerability remediation guidance to product development software engineers both on and off-site.
Develop and ensure software engineering procedures are aligned with product security requirements Supporting the Product Security Documentation process including:
Providing standardized Product Security documentation Organize and support the document review and approval process Ensure that deliverables are delivered punctually and to the required level of quality Interface and oversee product security aspects of technical departments such as Systems Hardware, Quality, and technical services Collaborate with other BD resources to ensure effective design and implementation goals.
Assure adherence to BD development policies and software quality procedures About you:
BS degree in Computer Science, Computer Engineering, Electrical Engineering, other related engineering field or equivalent work experience required Minimum of 3 years of experience in areas such as IT-Security, secure software development and designs, and risk management Working experience with various encryption algorithms and PKI solutions Understanding of security issues and solutions for embedded devices Good understanding of networking and related security aspects and common attacks Demonstrated understanding of developing in a regulated environment and adhering to a quality management system Excellent written and verbal communication and interpersonal skills are essential Demonstrated positive work ethic with a strong commitment to achieving project goals Good understanding of Microsoft Office products and tools In addition to the above skills, the following skillset would be advantageous but not essential: Experience with Dynamic and static code analysis tools Knowledge of Completing a track Trace and plan using a Security Requirements Traceability Matrix (SRTM) or similar tool with the goal of tracking Security Requirements Source of Requirement Requirement Objective Verification Method Understanding of vulnerability scans and static code analysis results Understanding proper secure coding practices to drive standards within the software engineering organization Experience working in a regulated (FDA, MDR) environment with medical instrumentation Basic understanding of network security fundamentals (IP protocol, firewalls etc.) Recognized Security certifications are a plus (CISSP, CASP+, CSSLP etc.) Click on apply if this sounds like you Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer.
We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.