Product Security Engineer
Job in
Irvine, Orange County, California, 92713, USA
Listed on 2026-06-20
Listing for:
Becton Dickinson & Company
Full Time
position Listed on 2026-06-20
Job specializations:
-
IT/Tech
Cybersecurity, Systems Engineer, Data Security, Information Security
Job Description & How to Apply Below
Product Security Engineer
The Product Security Engineer is responsible for supporting the security of a BD product or subset of features across the development lifecycle. This individual contributes to the delivery of secure products consistent with global regulatory requirements by executing product security program activities under the guidance of senior team members.
The Product Security Office (PSO) ensures product security risks for BD’s software-based products and solutions are managed well over the lifecycle as they make a difference for our patients and customers. In the PSO, we offer flexibility so you can successfully balance your work and personal responsibilities.
Responsibilities- Security Requirements & Implementation:
Support project teams in defining and implementing security requirements and technologies for a product or set of features in accordance with industry standards for medical devices, including encryption, authentication, audit logging, hardening measures, SBOM creation and composition, patch management, vulnerability monitoring, and antivirantimalware as applicable. - Cryptography & PKI:
Support the selection and implementation of appropriate cryptographic algorithms, key management practices, and certificate lifecycle management (issuance, renewal, revocation) for devices and cloud-connected components. - Secure Communications:
Evaluate and support secure communication implementations across device interfaces and network protocols relevant to the product, including validation of TLS/mTLS configurations and medical or proprietary protocols as applicable. - Cloud & API Security:
Assist in identifying and addressing security risks in cloud-connected device backends and associated APIs, including authentication, authorization, and protection of data in transit and at rest. - Design Reviews:
Participate in technical design reviews and code inspections, providing feedback to project team members and following proper coding practices. - Security Assessments:
Support execution of product security risk assessments, hazard analysis, and vulnerability remediation activities in coordination with product development software engineers. - Process & Documentation:
Assist product development teams in complying with product security framework activities and contributing to security documentation, including Incident and Vulnerability Management Plans and Product Security White Papers. - Incident Response:
Participate in product security incident response activities as appropriate. - Training & Procedures:
Where applicable, support the deployment of software engineering procedures and training related to vulnerability scanning and static code analysis tools. - Automated Testing:
Where applicable, assist R&D teams in implementing systems for automated testing of software vulnerabilities and verification of OS security patches. - Quality Assurance:
Where applicable, contribute to quality in R&D security test deliverables, including design, data summary, report preparation, and review for adherence to applicable regulations. - May perform other duties as required.
- Undergraduate degree in cybersecurity, computer science, computer engineering, software engineering, or related technical field.
- Minimum of 3 years in product security, product development, software development, or quality assurance.
- Foundational knowledge of information security standards for product development.
- Experience with configuration and use of static code analysis and vulnerability scanning tools.
- Foundational understanding of applied cryptography and PKI concepts (cipher selection, key management, certificate lifecycle).
- Master’s degree (cybersecurity, computer science, software engineering) with minimum of 2 years of industry experience
- Familiarity with product cybersecurity requirements in the context of 510(k) and/or PMA-regulated products.
- Developing experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and applying compensating security controls.
- Foundational competence in threat modeling software systems or software-enabled products using industry standard methods (STRIDE, PASTA, NIST, OWASP).
- Understanding of applied cryptography fundamentals: algorithm and mode selection, key length, hashing, and secure key storage practices.
- Familiarity with PKI concepts including CA hierarchies, certificate lifecycle management, and revocation mechanisms (CRL/OCSP).
- Familiarity with securing network communications, including TLS/mTLS configuration and validation, and medical or device-specific protocols (e.g., HL7, FHIR, Bluetooth LE) as applicable.
- Foundational awareness of cloud and API security principles, including authentication/authorization patterns and protection of PHI/PII in cloud-connected product architectures.
- Exposure to cybersecurity tooling such as Black Duck, Coverity, Veracode, Nessus, Snyk, or Metasploit.
- Experience working within a structured…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×