Product Security Architect, Life Sciences

BD (Becton, Dickinson and Company)•Sparks, MD

62d•Remote

About The Position

The Product Security Architect will be technical leader responsible for work across various disciplines to shape the future of how the Life Sciences business unit embeds security by design across our products and operations to strengthen customer trust and accelerate innovation. We are the makers of possible BD is one of the largest global medical technology companies in the world. Advancing the world of health is our Purpose, and it's no small feat. It takes the imagination and passion of all of us-from design and engineering to the manufacturing and marketing of our billions of MedTech products per year-to look at the impossible and find transformative solutions that turn dreams into possibilities. We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you'll be supported to learn, grow and become your best self. Become a maker of possible with us.

Requirements

Bachelor's degree in computer science, computer engineering, or applicable technical discipline
Minimum of 6 years in cybersecurity, product security, or security risk management
Experience implementing and demonstrating compliance to security frameworks such as NIST 800-53, IEC 81001-5, HITRUST, HIPAA, GDPR, ISO 27001, SOC 2 Type 2
Experience implementing and optimizing security analysis and testing tools (SCA, SAST, DAST, fuzzing) in a DevSecOps pipeline
Confirmed competence in threat modeling software systems or software enabled products using industry standard methods (STRIDE, PASTA, OWASP)
Experience analyzing security vulnerability scanning results and resolving priority of patching activities
Experience assessing security risks using industry standard methods (penetration test results, threat modeling, security testing) and resolving residual risk after applying compensating security controls

Nice To Haves

Managerial or team leader experience
Experience implementing security design, development, validation, and compliance in a regulated environment
Experience working with teams in a structured software development lifecycle process, preferably an agile methodology
Demonstrated technical acumen and ability to effectively convey technical information to all levels and disciplines within an organization, from engineers to senior leadership to enable fact-based decision-making

Responsibilities

Ensure business unit execution of product security procedures and standards.
Working with R&D teams, create representative system threat models and security risk assessments.
Establish and validate appropriate product security requirements, system hardening standards, and controls for mitigation of security risks.
Oversee integration of security testing tools into product development DevSecOps pipelines.
Ensure all security documentation is delivered per BD Product Security procedures and applicable regulatory requirements.
Lead, motivate, and run a small team of Product Security Managers and Engineers.
Work with teams to ensure projects are meeting objectives and deadlines defined for the Life Sciences product roadmaps.
Lead reoccurring coordination meetings and internal communications.
Provide architecture and design guidance for a secure by design software development lifecycle.
Engage with external BD customers regarding cybersecurity issues, sales proposals, and audits.
Leverage innovative product security processes & technologies in partnership with other cross functional teams to drive continuous improvement.
Although this position can be 100% remote, the role will be most successful in supporting business partners from the Eastern or Central US time zones (i.e., EST or CST).
May perform other duties as required.