Principal SDET, Cybersecurity Test Engineer

Terumo BCT, Inc.•Denver, CO

4d•$144,000 - $180,000•Hybrid

About The Position

The Principal SDET – Cybersecurity Test Engineer is a senior technical leader in our medical device organization committed to improving patient outcomes through innovative, life-saving technology. This role is responsible for developing and driving the cybersecurity testing strategy across the Software Quality Engineering organization while enabling the broader organization to consistently implement and execute a unified cybersecurity testing approach. By establishing scalable practices and strong technical leadership, the Principal SDET ensures long-term organizational capability and maturity in cybersecurity testing. A core focus of this role is embedding cybersecurity as a continuous, front-loaded component of the software development lifecycle to enable early identification and prevention of vulnerabilities and potential security risks, while maintaining compliance with medical device regulatory requirements. The Principal SDET is responsible for evaluating, documenting, managing, and developing cybersecurity tests for TBCT software systems within the R&D organization. Effective collaboration is essential to success in this role, requiring strong partnerships with Software Architects, Software Development, Software Test, Systems Engineering, DevOps, Product Security, business leadership, and external consultants. This individual ensures comprehensive coverage of cybersecurity requirements that are translated into actionable, testable, and verifiable outcomes across teams, enabling consistent execution of cybersecurity test strategies.

Requirements

Bachelor’s degree in Computer Science, Engineering or, equivalent of education and experience sufficient to successfully perform the essential functions of the job may be considered.
Minimum 8 years experience in an SDET role; with at least 5 years experience in Cybersecurity Testing.
Strong foundation in computer science fundamentals, including design patterns, data structures, object-oriented programming (OOP), and software design principles.
Proficient in object-oriented and embedded software development using C#, C++, and Python.
Deep expertise in cybersecurity principles, frameworks, and secure software development practices, particularly for medical devices.
Skilled in identifying, assessing, and mitigating security vulnerabilities, including performing structured risk assessments.
Extensive experience designing and implementing automated test frameworks and scripting solutions.
Proficient in applying cybersecurity testing across all levels, including unit, integration, and system testing.
Experience in integrating automated testing and security practices into CI/CD pipelines (DevSecOps).
Hands-on experience with DAST and other security testing tools, methodologies, and techniques.
Holds relevant cybersecurity and product security certifications (e.g., CISSP, CSSLP, OSCP).
Familiar with modern development technologies, including Docker, REST APIs, JSON, and cloud platforms (Azure).
Skilled in source code management, version control, and collaborative development workflows (e.g., Git-based environments).
Proven ability to drive organizational change, align stakeholders, and lead adoption of engineering and security best practices.
Strong technical leadership and cross-functional communication skills, with the ability to influence architecture, development, and quality strategies.
Self-driven, adaptable, and committed to continuous learning, innovation, and process improvement.
An equivalent competency level acquired through a variation of these qualifications may be considered.

Responsibilities

Define a standardized cybersecurity testing strategy for the Software Quality Engineering organization that aligns with product architecture, regulatory requirements, and business goals.
Train and mentor engineers on cybersecurity testing practices, build training materials, and run knowledge transfer sessions so teams can execute independently.
Build cybersecurity test plans that meet medical device regulatory standards.
Run risk and vulnerability assessments on new and existing products and put security testing protocols in place to protect sensitive data.
Oversee the design and execution of automated test scripts and frameworks across all levels of the test pyramid and apply design patterns suited to security testing.
Lead dynamic application security testing (DAST) and advise the group on the feasibility, implementation, and maintenance of cybersecurity test automation.
Work with architecture teams to set cybersecurity testing standards and shape software architecture and development practices so vulnerabilities surface earlier.
Partner with development, cybersecurity, quality assurance, peer engineers, and architects to find vulnerabilities and embed security testing into the product lifecycle.
Coordinate with external partners and consultants on joint security testing.
Contribute to multiple codebases within Scrum teams, resolve environment and test automation issues, and review and approve code and test changes.
Lead discussions about which test level is right for a given piece of functionality, and engage at any test level when the work requires it.
Keep up with new cybersecurity threats, tools, and practices, and revise testing methods when needed.
Provide strategic leadership for the functional group and keep its direction aligned with company policies and business goals.
Work with regulatory and quality assurance peers to improve processes that meet industry standards and company-specific benchmarks.
Support inspection readiness with clear processes, documentation, and traceability.
Supervise Software Quality Engineering and testing activities across teams so best practices stay consistent organization wide.
Keep tests maintainable, reusable, and scalable so they integrate cleanly across projects.