Job ID

R-546847

Category

Engineering

Location

Irvine, California

We are the people who give possibilities purpose

BD is one of the largest global medical technology companies in the world. Advancing the world of health™ is our Purpose, and it’s no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities.

Job Description

Summary:

The Product Security Engineer is responsible for supporting the security of a BD product or subset of features within the product across the development lifecycle. This individual contributes to the delivery of secure products consistent with global regulatory requirements by executing product security program activities under the guidance of senior team members.

This role works in partnership with R&D and other stakeholders to support compliance with security technical requirements and reduce security risks within the product or feature set. This includes hands-on execution of product security activities such as threat modeling, vulnerability scanning and remediation, and security risk assessments. The successful candidate will apply developing technical expertise to evaluate security vulnerabilities and contribute to maintainable technical solutions. Collaboration with software engineers and R&D team members in a dynamic and agile development environment is essential. Having demonstrated positive work ethic and commitment to achieving project goals with strong collaboration and communication skills - both written and verbal - is key for success in this role.

The Product Security Office (PSO) ensures product security risks for BD’s software-based products and solutions are managed well over the lifecycle as they make a difference for our patients and customers. In the PSO, we offer flexibility so you can successfully balance your work and personal responsibilities. We care about our associates and ensure we have servant leaders to help you grow your career, provide feedback and recognition, and empower you to show up every day as your authentic self. We are passionate about improving patient outcomes and enabling our R&D teams to create and maintain innovative solutions in a secure manner. Armed with a growth mindset and a desire to want to do more, learn more, impact more, you are in a great position to join us and help BD advance the world of health in ways you may never have imagined in your career.

Responsibilities:

• Security Requirements & Implementation: Support project teams in defining and implementing security requirements and technologies for a product or set of features in accordance with industry standards for medical devices, including encryption, authentication, audit logging, hardening measures, SBOM creation and composition, patch management, vulnerability monitoring, and antivirus/antimalware as applicable.

• Cryptography & PKI: Support the selection and implementation of appropriate cryptographic algorithms, key management practices, and certificate lifecycle management (issuance, renewal, revocation) for devices and cloud-connected components.

• Secure Communications: Evaluate and support secure communication implementations across device interfaces and network protocols relevant to the product, including validation of TLS/mTLS configurations and medical or proprietary protocols as applicable.

• Cloud & API Security: Assist in identifying and addressing security risks in cloud-connected device backends and associated APIs, including authentication, authorization, and protection of data in transit and at rest.

• Design Reviews: Participate in technical design reviews and code inspections, providing feedback to project team members and following proper coding practices.

• Security Assessments: Support execution of product security risk assessments, hazard analysis, and vulnerability remediation activities in coordination with product development software engineers.

• Process & Documentation: Assist product development teams in complying with product security framework activities and contributing to security documentation, including Incident and Vulnerability Management Plans and Product Security White Papers.

• Incident Response: Participate in product security incident response activities as appropriate.

• Training & Procedures: Where applicable, support the deployment of software engineering procedures and training related to vulnerability scanning and static code analysis tools.

• Automated Testing: Where applicable, assist R&D teams in implementing systems for automated testing of software vulnerabilities and verification of OS security patches.

• Quality Assurance: Where applicable, contribute to quality in R&D security test deliverables, including design, data summary, report preparation, and review for adherence to applicable regulations.

• May perform other duties as required.

Minimum Required:

• Undergraduate degree in cybersecurity, computer science, computer engineering, software engineering, or related technical field.
• Minimum of 3+ years in product security, product development, software development, or quality assurance.
• Foundational knowledge of information security standards for product development.
• Experience with configuration and use of static code analysis and vulnerability scanning tools.
• Foundational understanding of applied cryptography and PKI concepts (cipher selection, key management, certificate lifecycle).

Preferred Knowledge, Skills:

• Master’s degree (cybersecurity, computer science, software engineering) with minimum of 2 years of industry experience
• Familiarity with product cybersecurity requirements in the context of 510(k) and/or PMA-regulated products.
• Developing experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and applying compensating security controls.
• Foundational competence in threat modeling software systems or software-enabled products using industry standard methods (STRIDE, PASTA, NIST, OWASP).
• Understanding of applied cryptography fundamentals: algorithm and mode selection, key length, hashing, and secure key storage practices.
• Familiarity with PKI concepts including CA hierarchies, certificate lifecycle management, and revocation mechanisms (CRL/OCSP).
• Familiarity with securing network communications, including TLS/mTLS configuration and validation, and medical or device-specific protocols (e.g., HL7, FHIR, Bluetooth LE) as applicable.
• Foundational awareness of cloud and API security principles, including authentication/authorization patterns and protection of PHI/PII in cloud-connected product architectures.
• Exposure to cybersecurity tooling such as Black Duck, Coverity, Veracode, Nessus, Snyk, or Metasploit.
• Experience working within a structured software development lifecycle process; agile methodology.
• Experience with connected products, software development, lifecycles, network technologies, or regulated environments.
• Certifications such as CCNA, CISSP, CISM, GIAC, CCSP, CEH

At BD, we prioritize on-site collaboration because we believe it fosters creativity, innovation, and effective problem-solving, which are essential in the fast-paced healthcare industry. For most roles, we require a minimum of 4 days of in-office presence per week to maintain our culture of excellence and ensure smooth operations, while also recognizing the importance of flexibility and work-life balance. Remote or field-based positions will have different workplace arrangements which will be indicated in the job posting.

For certain roles at BD, employment is contingent upon the Company’s receipt of sufficient proof that you are fully vaccinated against COVID-19. In some locations, testing for COVID-19 may be available and/or required. Consistent with BD’s Workplace Accommodations Policy, requests for accommodation will be considered pursuant to applicable law.

Why Join Us?

To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of healthcare. At BD, you’ll discover a culture in which you can learn, grow and thrive.

We believe that when people connect in person, we learn faster, collaborate more deeply, and build a stronger culture. Join us and enjoy a culture where face-to-face collaboration supports your learning, your progress, and your success.

Primary Work Location

USA CA - Irvine Laguna Canyon

Work Shift

At BD, we reward, support and develop our associates through our comprehensive Total Rewards program. We are committed to attracting and retaining high quality talent by providing reward and recognition opportunities that promote a performance-based culture, as well as a competitive package of compensation and benefits programs. You can learn more on our career site under "Our Commitment to You."

Our salary or hourly rate ranges reward associates fairly and competitively. We regularly review these ranges and factors, such as location, contribute to the range displayed.

Our pay is based on the role and the necessary skills and education to perform it successfully. The salary or hourly rate offered is determined by the role's specific requirements, including any applicable step rate pay system at the work location. Salary or hourly pay ranges are influenced by labor laws and Collective Bargaining Agreement (CBA) requirements applicable to the work location which may also affect the workplace arrangement of the role.

Salary Range Information

$105,500.00 - $168,800.00 USD Annual

Becton, Dickinson, and Company is an Equal Opportunity Employer. We evaluate applicants without regard to race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, and other legally protected characteristics.