BD (Becton, Dickinson and Company) Product Security Engineer in Andover, Massachusetts
Job Description Summary
The Becton Dickinson Diabetes Care business unit is seeking a Software Engineer to be part of a team responsible for implementing a product security framework supporting existing and future medical instrumentation and software. The right candidate is a positive, forward-looking person who must be self-directed requiring minimal daily direction, collaborates often and effectively with project team members, presents a positive and professional demeanor with customers, and excels at solving difficult problems.
The candidate will need to possess software development skills. The candidate shall be able to lead, evaluate product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and static code analysis. In addition to security solutions for new product development, the role requires remediating vulnerabilities in existing products, which requires detailed attention to implementation and product risk.
The Product Security Software Engineer will participate in a full medical software development life cycle and adhere to a quality management system.
Lead product security risk assessments, hazard analysis, threat modeling, and provide vulnerability remediation guidance and mentoring to product development software engineers.
Implement software security solutions and support architecture, design, and implementation of products in accordance with industry accepted standards for medical device security including: encryption, recovery, authentication, audit logging, hardening measures, patch management, vulnerability monitoring, and antivirus/antimalware.
Develop and administer software engineering procedures and training, including but not limited to vulnerability scans and static code analysis.
Responsible for developing Product Security Management Plans, Incident and Vulnerabilities plan, Product Security White Papers, and other related artifacts.
Participate and contribute on product security incident response, and other related activities.
Interface with other technical departments such as Penetration Testing Team, Systems and Hardware Engineering
Interface with Quality and Technical Service
Demonstrate proper secure coding practices driving standards within the software engineering organization
Collaborate with other BD resources to ensure effective design and implementation goals.
Lead technical design reviews and code inspections. Provide clear, actionable feedback for project team members
Assure adherence to BDDS development policies and software quality procedures
Software Design and Development.
BS degree in Computer Science, Computer Engineering, or other related engineering field is required
0-5 years of experience in software development, systems & architecture concepts and designs
0-3 years of work experience in product development
0-3 years of work experience with Real-Time Embedded Systems, Mobile (iOS, Android), Azure and/or AWS.
0-3 years of work experience with C, C#/.NET development
Working experience using secure coding practices
Experience in product security is a plus
Proven organizational and project management skills with software development projects
Experience with full SDLC applications with C#.net and healthcare/hospital software applications
Must have combined experience with new product development, remediation, applications software development and cybersecurity design projects; not just scripting
Required Knowledge, Skills and Attributes:
Understanding of developing in a regulated environment and adhering to a quality management system
Excellent written and verbal communication and interpersonal skills are essential
Demonstrated positive work ethic with a strong commitment to achieving project goals
Knowledgeable about security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards.
Knowledge of various networking and connectivity protocols, encryption, Mobile (iOS, Android), IoT, and Cloud technologies.
Knowledge of networking fundamentals
Experience with BLE (Bluetooth Low Energy)
Candidacy for or certification in InfoSec Security is a plus, e.g., CISSP, HCISPP.
Work experience in network security strongly desired
Related cybersecurity tools experience: HPE Security Fortify On Demand, Checkmarx, Nessus, and Metasploit
Primary Work Location: USA MA - Andover
Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status