The Becton Dickinson [BU] business unit is seeking a Product Security Engineer to be part of a team responsible for implementing a product security framework supporting existing and future medical devices and software.
The right candidate is a positive, forward-looking person who must be self-directed requiring minimal daily direction, collaborates often and effectively with project team members, presents a positive and professional demeanor with customers, and excels at solving difficult problems.
The candidate will need to possess skills specifically related to implementation of security requirements e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT Standards.
The candidate shall be able to evaluate product designs and provide solutions to remediate security vulnerabilities through product securityrisk assessments, vulnerability scans and analysis.
In addition to security solutions for new product development, the role requires remediating vulnerabilities with existing products, detailed attention to implementation and product risk while following a detailed quality management system.
- The Product Security Engineer will participate in a full medical system development life cycle and adhere to a quality management system.
- Must be able to identify cybersecuritythreats and perform analysis based on threat vectors and identified vulnerabilities and build solutions to reduce the risk level.
- Must possess the skills to perform research independently, identify pertinent information for evaluation, and develop potential solutions and alternate courses of alternatives.
- Understanding of engineering principles for IT system development in a world wide deployment model.
- Familiar with automated vulnerability scanning assessment tools and their operation to produce security artifacts.
- Must possess the skills to automate solutions using various scripting tools used in remote deployments.
- Analyze system securityarchitectures and make recommendations for security design and requirements that are compliant with applicable Security Technical Implementation Guides (STIGs) and other Federal and state standards.
- Knowledge of Active Directory, virtual environment and cloud computing
- Familiarity with the Software Development Life Cycle (SDLC) and injection of security principles/processes within various development environments to achieve software assurance
- Must have strong organizational skills and attention to detail, and possess exceptional ability to communicate effectively with peers, supervisors, managers, and customers within a team-oriented, collaborative environment.
- Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
- BS degree in Computer Science, Computer Engineering, Cyber Security, Information Technology, or other related engineering field is required
- Minimum of 5 years of experience in cybersecurity, systems & architecture concepts and designs
Required Knowledge, Skills and Attributes:
- Experience in system architecture understanding risk, mitigation and remediation
- Knowledge of Windows Operating Systems and their environment
- Knowledge of Active Directory framework
- Understanding of virtualization and cloud technologies
- Demonstrated understanding of developing in a regulated environment and adhering to a quality management system
- Excellent written and verbal communication and interpersonal skills are essential
- Demonstrated positive work ethic with a strong commitment to achieving project goals
- Experience working in a regulated (FDA) R&D environment with medical devices is a plus
Job ID R-23165