The Product Security Engineer will be a member of BD Product Security within the Medication Management Solutions (MMS) business, collaborating with the Corporate Product Security to execute on penetration testing, ethical hacking, security assessment of MMS products and solutions as part of and after deployment in customer environments as a service offering to customers. This position will report to the MMS Product Security Officer (PSO).
- Coordinate with Corporate Product Security’s Red Team to design and execute formal penetration testing of MMS products and solutions that range from embedded devices to cloud-based solutions during deployment or implementation at customer sites
- Collaborate with MMS PSO, Global Customer Support, and Sales teams to facilitate collaborative security activities with BD customers and external partners
- Collaborate with product development teams to find vulnerabilities, determine root cause and educate on security testing techniques with standardized reporting
- Perform internal and external covert Red Team activities to test organizational readiness for product security incidents and events
- Coordinate with Corporate Product Security’s Blue Team to identify remediation steps and further improve future defensive measures for BD products
- Contribute to development of BD’s penetration testing environment and perform continuous security testing and research that can be used for external engagement
- Educate MMS R&D on techniques used for security testing which include physical and administrative security assessments
- Deploy, maintain, and troubleshoot security testing tools for security testing
- The product security incident responder will work with product teams and functional groups on determining objectives, scope, analysis, actions, and timeline for responding to security incidents with BD products at customer sites and with security researchers.
- The product security incident responder will facilitate remotely or emergency on-site technical analysis in addition to focusing the product team on short-term and long-term response and remediation.
Education and Experience
- BS degree in a technical discipline, Computer Science or equivalent.
- 2+ years of related experience
- Experience in formal penetration testing, red team, ethical hacking of embedded systems, web applications and complex networked systems
- Experience in reverse engineering, forensic analysis, exploit development, toolkit and exploit management, project management, risk and threat modeling, OS theory, network and application fuzzing, reconnaissance, packet and binary composition analysis, software programming
- Excellent working knowledge of Windows Internals, Windows Application Programming Interfaces (API), MSFT Windows Registry, and related security models.
- Excellent working knowledge of database architectures (e.g.,Postgres, MSDBA, MS SQL Server, etc.)
- Knowledge of healthcare industry, medical devices, IoT, and embedded systems strongly desired
- Certification: CPTC, CPTE, GPEN, CEPT
- Excellent oral and written communications, interpersonal, and problem solving skills
- Proficiency with MS office tools (Word, Excel, Outlook)