Job DescriptionSummary:The Product Security Engineer is responsible for supporting the security of a BD product or subset of features within the product across the development lifecycle. This individual contributes to the delivery of secure products consistent with global regulatory requirements by executing product security program activities under the guidance of senior team members.
This role works in partnership with R&D and other stakeholders to support compliance with security technical requirements and reduce security risks within the product or feature set. This includes hands-on execution of product security activities such as threat modeling, vulnerability scanning and remediation, and security risk assessments. The successful candidate will apply developing technical expertise to evaluate security vulnerabilities and contribute to maintainable technical solutions. Collaboration with software engineers and R&D team members in a dynamic and agile development environment is essential. Having demonstrated positive work ethic and commitment to achieving project goals with strong collaboration and communication skills - both written and verbal - is key for success in this role.
Responsibilities:- Security Requirements & Implementation: Support project teams in defining and implementing security requirements and technologies for a product or set of features in accordance with industry standards for medical devices, including encryption, authentication, audit logging, hardening measures, SBOM creation and composition, patch management, vulnerability monitoring, and antivirus/antimalware as applicable.
- Cryptography & PKI: Support the selection and implementation of appropriate cryptographic algorithms, key management practices, and certificate lifecycle management (issuance, renewal, revocation) for devices and cloud-connected components.
- Secure Communications: Evaluate and support secure communication implementations across device interfaces and network protocols relevant to the product, including validation of TLS/mTLS configurations and medical or proprietary protocols as applicable.
- Cloud & API Security: Assist in identifying and addressing security risks in cloud-connected device backends and associated APIs, including authentication, authorization, and protection of data in transit and at rest.
- Design Reviews: Participate in technical design reviews and code inspections, providing feedback to project team members and following proper coding practices.
- Security Assessments: Support execution of product security risk assessments, hazard analysis, and vulnerability remediation activities in coordination with product development software engineers.
- Process & Documentation: Assist product development teams in complying with product security framework activities and contributing to security documentation, including Incident and Vulnerability Management Plans and Product Security White Papers.
- Incident Response: Participate in product security incident response activities as appropriate.
- Training & Procedures: Where applicable, support the deployment of software engineering procedures and training related to vulnerability scanning and static code analysis tools.
- Automated Testing: Where applicable, assist R&D teams in implementing systems for automated testing of software vulnerabilities and verification of OS security patches.
- Quality Assurance: Where applicable, contribute to quality in R&D security test deliverables, including design, data summary, report preparation, and review for adherence to applicable regulations.
- May perform other duties as required.
Minimum Required:- Undergraduate degree in cybersecurity, computer science, computer engineering, software engineering, or related technical field.
- Minimum of 3+ years in product security, product development, software development, or quality assurance.
- Foundational knowledge of information security standards for product development.
- Experience with configuration and use of static code analysis and vulnerability scanning tools.
- Foundational understanding of applied cryptography and PKI concepts (cipher selection, key management, certificate lifecycle).
Preferred Knowledge, Skills:- Master's degree (cybersecurity, computer science, software engineering) with minimum of 2 years of industry experience
- Familiarity with product cybersecurity requirements in the context of 510(k) and/or PMA-regulated products.
- Developing experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and applying compensating security controls.
- Foundational competence in threat modeling software systems or software-enabled products using industry standard methods (STRIDE, PASTA, NIST, OWASP).
- Understanding of applied cryptography fundamentals: algorithm and mode selection, key length, hashing, and secure key storage practices.
- Familiarity with PKI concepts including CA hierarchies, certificate lifecycle management, and revocation mechanisms (CRL/OCSP).
- Familiarity with securing network communications, including TLS/mTLS configuration and validation, and medical or device-specific protocols (e.g., HL7, FHIR, Bluetooth LE) as applicable.
- Foundational awareness of cloud and API security principles, including authentication/authorization patterns and protection of PHI/PII in cloud-connected product architectures.
- Exposure to cybersecurity tooling such as Black Duck, Coverity, Veracode, Nessus, Snyk, or Metasploit.
- Experience working within a structured software development lifecycle process; agile methodology.
- Experience with connected products, software development, lifecycles, network technologies, or regulated environments.
- Certifications such as CCNA, CISSP, CISM, GIAC, CCSP, CEH
At BD, we prioritize on-site collaboration because we believe it fosters creativity, innovation, and effective problem-solving, which are essential in the fast-paced healthcare industry. For most roles, we require a minimum of 4 days of in-office presence per week to maintain our culture of excellence and ensure smooth operations, while also recognizing the importance of flexibility and work-life balance. Remote or field-based positions will have different workplace arrangements which will be indicated in the job posting.
Primary Work LocationUSA CA - Irvine Laguna Canyon
Additional LocationsWork ShiftAt BD, we reward, support and develop our associates through our comprehensive Total Rewards program. We are committed to attracting and retaining high quality talent by providing reward and recognition opportunities that promote a performance-based culture, as well as a competitive package of compensation and benefits programs. You can learn more on our career site under "Our Commitment to You."
Our salary or hourly rate ranges reward associates fairly and competitively. We regularly review these ranges and factors, such as location, contribute to the range displayed.
Our pay is based on the role and the necessary skills and education to perform it successfully. The salary or hourly rate offered is determined by the role's specific requirements, including any applicable step rate pay system at the work location. Salary or hourly pay ranges are influenced by labor laws and Collective Bargaining Agreement (CBA) requirements applicable to the work location which may also affect the workplace arrangement of the role.
Salary Range Information$105,500.00 - $168,800.00 USD Annual
