BD (Becton, Dickinson and Company) Staff Product Security Engineer – Penetration Tester in Sparks, Maryland

Job Description Summary

Job Description

The Product Security Penetration Tester position will be a member of the Corporate Product Security Office at BD, working within the Red Team that carries out ethical hacking, penetration testing on BD products and solutions.


  • Architect and execute formal penetration testing of BD products and solutions that range from embedded devices to cloud-based solutions in collaboration with product development teams to find vulnerabilities, determine root cause and educate on security testing techniques with standardized reporting

  • Perform covert Red Team activities to test organizational readiness for product security incidents and events

  • Collaborate with Blue Team members to identify remediation steps and further improve future defensive measures for BD products and solutions

  • Build an ethical hacking environment and perform continuous security testing and research that can be used for external engagement

  • Educate product development teams on techniques used for security testing

  • Deploy, maintain, and troubleshoot security testing tools for security testing


  • A bachelor’s degree or certification in related field is required

  • A minimum of 2 to 5 years of experience in product security, with a focus in penetration testing

  • Experience in formal penetration testing, ethical hacking of embedded systems, web applications and complex networked systems

  • Demonstrated experience in software development in C, C++ or C#

  • Demonstrate knowledge of product security requirements and secure coding standards, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT, and MS Secure Coding Standards

  • Experience in reverse engineering, forensic analysis, exploit development, toolkit and exploit management, project management, risk and threat modeling, OS theory, network and application fuzzing, reconnaissance, packet and binary composition analysis, software programming

  • Ideal candidate will have Offensive Security Certified Professional (OSCP), Certified Information Systems Security Professional (CISSP) or Healthcare Certified Information Systems Security Professional (HCISSP) certification

  • Working knowledge of Windows Internals, Windows Application Programming Interfaces (API), MSFT Windows Registry, and related security models

Min Qualifications

  • BS degree in a technical discipline, Computer Science or equivalent.

  • Formal penetration testing

  • Strong technical background


Primary Work LocationUSA MD - Baltimore

Additional LocationsUSA NJ - Franklin Lakes

Work Shift

Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status