BD (Becton, Dickinson and Company) BD Product Security Engineer – Penetration Tester in Boston, Massachusetts

Job Description Summary

BD is looking for a Product Security Penetration Tester/Engineer to join our team. This candidate will be responsible for ensuring the adoption of the corporate product security framework within our Digital Health (DH) business unit in order to improve the security of products and solutions sold to customers by design, in use and through partnership. This individual will work with a cross-functional team to improve the design and development of our medical devices including but not limited to embedded devices, software and cloud infrastructure.

The role will include overarching product security activities within the business portfolio of products, such as product security risk assessments, remediation planning, awareness/training, incident response, strategic initiatives, 3rd party vendor and external engagements. In addition, this individual will design and execute formal penetration testing of existing and future products in collaboration with our corporate product security engineering team.

Job Description

Responsibilities:

  • Perform design and implementation security reviews for all DH products and ensure adoption of product security framework and policies

  • Track and report adherence to product security requirements throughout the software development lifecycle, pre- and post-commercialization

  • Propose and evaluate innovative new security features that could benefit our products

  • Develop technical solutions to address security weaknesses and collaborate with relevant stakeholders to effectively implement them in our products

  • Coordinate with Product Security Engineering Team to design and execute formal penetration testing of DH products and solutions including remediation planning and solution identification

  • Educate R&D on techniques used for security testing which include physical and administrative security assessments

  • Deploy, maintain and troubleshoot security testing tools as required

  • Assist with security incident response as needed

  • May perform other duties as identified

Education/Experience:

  • Expertise in conducting application security assessments covering threat modeling, design reviews, project management and in-depth implementation audits.

  • A minimum of 2 to 5 years of industry experience in security and development

  • Solid foundation in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems

  • Demonstrated proficiency in software development in C, C++ or C#

  • Demonstrated knowledge of product security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards

  • Ideal candidate will have BS or MS in Computer Science, Information Security or equivalent experience, Offensive Security Certified Expert (OSCE) or at least Offensive Security Certified Professional (OSCP), or Healthcare Certified Information Systems Security Professional (HCISSP) certification

Primary Work Location

USA-MA-Boston (Digital Health)

Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status.