BD (Becton, Dickinson and Company) BD Product Security Engineer – Penetration Tester in Boston, Massachusetts
Job Description Summary
BD is looking for a Product Security Penetration Tester/Engineer to join our team. This candidate will be responsible for ensuring the adoption of the corporate product security framework within our Digital Health (DH) business unit in order to improve the security of products and solutions sold to customers by design, in use and through partnership. This individual will work with a cross-functional team to improve the design and development of our medical devices including but not limited to embedded devices, software and cloud infrastructure.
The role will include overarching product security activities within the business portfolio of products, such as product security risk assessments, remediation planning, awareness/training, incident response, strategic initiatives, 3rd party vendor and external engagements. In addition, this individual will design and execute formal penetration testing of existing and future products in collaboration with our corporate product security engineering team.
Perform design and implementation security reviews for all DH products and ensure adoption of product security framework and policies
Track and report adherence to product security requirements throughout software development lifecycle, pre and post commercialization
Propose and evaluate innovative new security features that could benefit our products
Develop technical solutions to address security weaknesses and collaborate with relevant stakeholders to effectively implement them in our products
Coordinate with Product Security Engineering Team to design and execute formal penetration testing of DH products and solutions including remediation planning and solution identification
Educate R&D on techniques used for security testing which include physical and administrative security assessments
Deploy, maintain and troubleshoot security testing tools as required
Assist with security incident response as needed
May perform other duties as identified
Expertise in conducting application security assessments covering threat modeling, design reviews, project management and in-depth implementation audits.
A minimum of 2 to 5 years of industry experience in security and development
Solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems
Demonstrated proficiency in software development in C, C++ or C#
Demonstrate knowledge of product security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards
Ideal candidate will have BS or MS in Computer Science, Information Security or equivalent experience, Offensive Security Certified Expert (OSCE) or at least Offensive Security Certified Professional (OSCP), or Healthcare Certified Information Systems Security Professional (HCISSP) certification
Primary Work Location: USA-MA-Boston (Digital Health)
Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status