Product Security Engineer
Dublin, L

Job Description

Security is the key component across all products we develop, and we must continually ensure the security mindset culture and philosophy is integrated into all security practices within our development processes. Ensuring security and privacy for our customers, clients and their patients is a key mantra in all our work. We achieve this by making everyone accountable for security, and we strive to continually enhance and improve our security mindset culture. We require and encourage collaboration and candour between teams and management, and the right candidate should be a positive, forward-looking individual. They must be self-directed, requiring minimal daily direction, collaborate often and effectively with project team members, present a positive and professional demeanour with customers, and excel at solving difficult problems.


The Product Security Engineer defines and embeds secure-by-design practices across the SDLC, including security requirements, risk assessments, SBOM and OSS supply chain governance, vulnerability management, and security architecture reviews. The role partners closely with R&D, Quality, and global security teams, providing technical leadership in secure coding, threat modeling, and remediation strategies, while supporting compliance within a regulated QMS environment.


This role provides the scope to lead and enhance security for our next generation of products, while ensuring the current products are kept secure, to deal with the constant changes in the threat landscape. Day-to-day primary responsibilities include leadership in enhancing security tools and processes, relationship management, and providing guidance to the team to deliver quality and secure applications to our clients. Relationship building, influencing change, and creating synergies are key. These requirements can be achieved by leveraging and creating alignment with the extended team within BD, suppliers/partners and with the larger BD organization of resources and experts.


The candidate will need to possess software development skills specifically related to implementation of security requirements and secure coding standards, e.g., NIST SP 800-53, OWASP, and MS Secure Coding Standards. The candidate shall be able to evaluate product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and static and dynamic code analysis tools. In addition to defining security requirements for new product development, the role requires supporting teams in remediating vulnerabilities in existing products.


The Product Security Engineer will participate in a full medical software development life cycle and adhere to a well-defined quality management system and Product Security Development Framework. Candidates will gain exposure to modern challenges including connected devices, cloud-integrated systems, and automated security tooling, with clear progression toward senior technical leadership. We offer a collaborative, well-resourced environment, access to global expertise, and strong investment in training, certification, and career development.


Responsibilities:

• Educate engineering teams to understand security requirements and find practical solutions on how to implement them in new and existing products
• Implement software security solutions and architect/design products in accordance with industry accepted standards for medical device security including encryption, disaster recovery, authentication, audit logging, hardening measures, patch management, and vulnerability monitoring
• Lead product security risk assessments and hazard analysis, and provide vulnerability remediation guidance and mentoring to product development software engineers both on and off-site
• Support the development of Product Security Documentation including:
  ◦ Providing standardized Product Security documentation
  ◦ Using document management platforms (SAP, DocuSign, SharePoint)
  ◦ Organizing and supporting the document review and approval process
  ◦ Ensuring that deliverables are delivered punctually and to the required level of quality
• Lead technical design reviews and code inspections. Provide clear, actionable feedback for project team members
• Assist product development teams in creating Incident and Vulnerability Management Plans and Product Security White Papers
• Participate on product security incident response teams
• Interface with other technical departments such as Penetration Testing Team, Systems, Hardware Engineering, Quality, and technical services
• Assure adherence to BD development policies and software quality procedures


Qualifications:

• BS degree in Computer Science, Computer Engineering, Electrical Engineering, other related engineering field or equivalent work experience required
• Minimum of 3 years of experience in IT-Security architecture, secure software development, systems & architecture concepts, and designs


Required Knowledge, Skills, and Attributes:

• Working experience with various encryption algorithms and PKI solutions
• Understanding of security issues and solutions for embedded devices
• Experience with dynamic and static code analysis tools
• Solid understanding of networking and related security aspects and common attacks
• Demonstrated understanding of developing in a regulated environment and adhering to a quality management system
• Excellent written and verbal communication and interpersonal skills are essential
• Demonstrated positive work ethic with a strong commitment to achieving project goals
• Solid understanding of Microsoft Office products and tools


Nice-to-Haves:

• Experience with embedded devices and IoT, especially in the IT-Security domain
• Experience with security tools and distributions (Burp Suite, Nessus, Nmap, …)
• Understanding of Wi-Fi security
• Knowledge of completing a track, trace and plan using a Security Requirements Traceability Matrix (SRTM) or similar tool with the goal of tracking:
  ◦ Security Requirements
  ◦ Source of Requirement
  ◦ Requirement Objective
  ◦ Verification Method
• Experience working in a regulated (FDA, MDR) environment with medical instrumentation is a plus
• Work experience in network security along with networking fundamentals (IP protocol, firewalls etc.) strongly desired
• Recognized security certifications (CISSP, CEH, CSSLP etc.)

