Staff Product Security Engineer - Penetration Tester

Becton Dickinson and   •  

San Diego, CA

Less than 5 years

Posted 258 days ago

This job is no longer available.

Job ID R-304686 

Job Description Summary

Job Description

The Product Security Penetration Tester will be responsible for ensuring the adoption of the corporate product security framework within Medication Management Systems (MMS) in order to improve the security of products and solutions sold to customers by design, in use and through partnership. This individual will work with MMS cross functional teams to design and execute formal penetration testing of products that may range from embedded devices to cloud-based solutions during deployment or implementation at customer sites. The role may also include overarching product security activities within the business portfolio of products; such as product securityrisk assessments, awareness/training, incident response, strategic initiatives, and external engagements.

The product security penetration tester will collaborate and leverage available corporate resources by utilizing expertise in product security testing, architecture, incident response, and program management. This person will also work with cross functional teams to improve awareness and enrich the knowledge and understating of product security within the business unit.

Responsibilities:

  • Ensure MMS adoption of product security framework activities
  • Track and report adherence to product security requirements throughout portfolio
  • Coordinate with Product SecurityEngineering Team  to design and execute formal penetration testing of MMS products and solutions including remediation planning and solution identification
  • Collaborate with MMS Product Security Officer, Global Customer Support, and Sales teams to facilitate collaborative security activities with BD customers and external partners
  • Contribute to development of BD’s penetration testing environment and perform continuous security testing and research that can be used for external engagement
  • Educate MMS R&D on techniques used for security testing which include physical and administrative security assessments
  • Deploy, maintain and troubleshoot security testing tools for security testing
  • May perform other duties as required

Education/Experience:

  • A bachelor’s degree or certification in related field is required
  • A minimum of 2 to 5 years of experience in product security, with a focus in penetration testing
  • Experience in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems
  • Experience in reverse engineering, forensic analysis, exploit development, toolkit and exploit management, project management, risk and threat modeling, OS theory, network and application fuzzing, reconnaissance, packet and binary composition analysis, software programming
  • Ideal candidate will have Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP) or Healthcare Certified Information Systems Security Professional (HCISSP) certification
  • Working knowledge of Windows Internals, Windows Application Programming Interfaces (API), MSFT Windows Registry, and related security models