Staff Product Security Engineer/Cybersecurity

• Lead and cultivate a top-performing Product Security team that backs various products within the business unit.
• Boost team efficiency to minimize security risk and strengthen product resilience within the portfolio, while ensuring alignment with BD’s cybersecurity strategy and regulatory standards.
• Nurture a culture of answerability, ingenuity, and continual advancement to drive tangible outcomes.
• Foster risk reduction and elevate security measures within the product portfolio by incorporating secure-by-design principles, threat modeling, and proactive vulnerability management.
• Collaborate with R&D, Quality, Regulatory, and IT teams across functions to embed security throughout the product lifecycle—from inception to post-market.
• Translate cybersecurity strategy into practical plans, aligning team efforts with BD’s enterprise security objectives, regulatory demands, and customer expectations.
• Track and report security status, using measurements and benchmarks to showcase progress, identify weaknesses, and inform decision-making.
• Instruct engineering teams on comprehending security requirements and identifying practical solutions for incorporating them into new and existing products.
• Deploy software security solutions and plan/develop products following recognized industry norms for medical device security, encompassing encryption, disaster recovery, authentication, audit logging, hardening measures, patch management, and vulnerability monitoring.
• Conduct product security risk evaluations, hazard assessments, and offer guidance on vulnerability remediation to software engineers in product development, both on-site and off-site.
• Assist in the Product Security Documentation process, including: Offering standardised Product Security documentation, Employing document management systems (SAP, DocuSign, SharePoint), Coordinate and assist in the document review and approval process and Ensure that all tasks are completed promptly and meet the necessary quality standards
• Facilitate technical design appraisals and code examinations. Supply clear, actionable recommendations to project team members.
• Support product development teams in the creation of Incident and Vulnerability Management Plans and Product Security White Papers.
• Contribute to teams handling product security incidents.
• Collaborate with other technical departments like the Penetration Testing Team, Systems, Hardware Engineering, Quality, and technical services.
• Ensure compliance with BD development policies and software quality procedures.

• BS degree in Computer Science, Computer Engineering, Electrical Engineering, or other related engineering fields or equivalent work experience required
• Minimum of 5 years of experience in IT-Security architecture, secure software development, systems & architecture concepts, and designs.

• Experience leading and managing a team.
• Working experience with various encryption algorithms and PKI solutions.
• Understanding of security issues and solutions for embedded devices.
• Experience with Dynamic and static code analysis tools.
• Proficient knowledge of networking and associated security elements and prevalent threats.
• Demonstrated understanding of developing in a regulated environment and adhering to a quality management system.
• Excellent written and verbal communication and interpersonal skills are essential.
• Demonstrated positive work ethic with a strong commitment to achieving project goals.
• Proficient knowledge of Microsoft Office applications and tools.

Cybersecurity Governance Lead (E2026044)