BD (Becton, Dickinson and Company) Principal Security Engineer in San Diego, California
Job Description Summary
Product Security Engineer
The Becton Dickinson [BU] business unit is seeking a Product Security Engineer to be part of a team responsible for implementing a product security framework supporting existing and future medical instrumentation and software. The right candidate is a positive, forward-looking person who is self-directed, requiring minimal daily direction, collaborates often and effectively with project team members, presents a positive and professional demeanor with customers, and excels at solving difficult problems.
The candidate will need to possess skills specifically related to implementation of security requirements, e.g., NIST SP 800-53, ISO/IEC 27001, OWASP, SEI CERT Standards. The candidate shall be able to evaluate product designs and provide solutions to remediate security vulnerabilities through product security risk assessments, vulnerability scans, and analysis. In addition to security solutions for new product development, the role requires remediating vulnerabilities in existing products, which requires detailed attention to implementation and product risk.
The Product Security Engineer will participate in a full medical system development life cycle and adhere to a quality management system.
Must identify cybersecurity threats, perform analysis based on threat vectors and identified vulnerabilities, and build solutions to reduce the risk level.
Must possess the skills to perform research independently, identify pertinent information for evaluation, and develop potential solutions and alternate courses of action
Understanding of engineering principles for IT system development
Requires broad knowledge of IT security principles that support DevOps
Familiar with automated vulnerability scanning assessment tools and their operation to produce security artifacts
Must possess the skills to automate solutions using various scripting tools
Analyze system security architectures and make recommendations for security design and requirements that are compliant with applicable Security Technical Implementation Guides (STIGs) and other Federal and state standards.
Must have strong organizational skills and attention to detail, and possess exceptional ability to communicate effectively with peers, supervisors, managers, and customers within a team-oriented, collaborative environment.
Must be able to multi-task, work independently and as part of a team, share workloads, and deal with sudden shifts in project priorities.
Familiarity with the Software Development Life Cycle (SDLC) and injection of security principles/processes within various development environments to achieve software assurance
Knowledge of Active Directory, virtual environment and cloud computing
BS degree in Computer Science, Computer Engineering, Cyber Security, Information Technology, or other related engineering field is required
Minimum of 5 years of experience in cyber security, systems & architecture concepts and designs
Required Knowledge, Skills and Attributes:
Experience in system architecture, understanding risk, mitigation and remediation
Knowledge of Windows Operating Systems and their environment
Knowledge of Active Directory framework
Understanding of virtualization and cloud technologies is highly desired
Demonstrated understanding of developing in a regulated environment and adhering to a quality management system
Excellent written and verbal communication and interpersonal skills are essential
Demonstrated positive work ethic with a strong commitment to achieving project goals
Experience working in a regulated (FDA) environment with medical instrumentation is a plus
Certification in InfoSec Security is a plus, e.g., CISSP, CSSLP