Product Security Engineer
JOB SUMMARY
Terumo Blood and Cell Technologies designs, engineers, and builds medical technology that helps save lives. Terumo believes in integrating security into all aspects of our product development lifecycle. The Product Security Engineer partners with the software development team to refine, implement, and support strategies designed to ensure the delivery of secure software and related systems.
ESSENTIAL DUTIES
- Consults on the design and implementation of cybersecurity capabilities for Terumo Blood and Cell Technologies products, the prioritization and application of cybersecurity requirements for those products, and the design and implementation of mitigation of cybersecurity defects and risks.
- Works with the Research & Development product teams to address gaps in the design of common cybersecurity controls, develops and maintains the product security test lab environment, works with product security architects to set baseline cybersecurity requirements, prototypes cybersecurity solutions, and does research and education to keep current on cybersecurity topics.
- Facilitates cybersecurity risk management activities, such as performing technical assessments of cybersecurity risk, and periodic assessment of an accepted or deferred risk.
- Works with the Research & Development product teams and the product security architects to understand the technical implementation of a cybersecurity framework for Terumo Blood and Cell Technologies products.
- Provides operational oversight of product security program requirements.
- In collaboration with product security analysts, maintains product security secure-by-design lifecycle procedures, work instruction, and technical guidance documents.
OTHER DUTIES AND RESPONSIBILITIES
- Supports vendor management as needed.
- Participates in regulatory and safety reviews.
- May perform product penetration testing activities.
- May perform product security incident response activities.
- May perform product security vulnerability management activities.
- May be required to travel to other company locations on occasion.
MINIMUM QUALIFICATION REQUIREMENTS
Education
Bachelor’s degree in Computer Science; equivalent education and experience sufficient to successfully perform the essential functions of the job may be considered.
Experience
Minimum 5 years' experience
- Experience conducting product and/or cyber security practices in a regulated industry or environment; knowledge of global standards and frameworks (ISO, NIST, FDA, ITIL, EU MDR, etc.) strongly preferred.
- Professional certification in cyber security practices (CISSP, CEH, or similar) preferred.
Skills
- Working knowledge of modern software development practices, including Scrum Agile and shift-left methodologies.
- Experience using risk analysis and mitigation methodologies.
- Quality and continuous improvement mindset.
- Demonstrated ability to communicate effectively both verbally and in writing.
-Or-
An equivalent competency level acquired through a variation of these qualifications may be considered.
PHYSICAL REQUIREMENTS
Typical Office Environment requirements include: reading, speaking, hearing, close vision, walking, bending, sitting, and occasional lifting up to 20 pounds.
The physical demands described here are representative of those that must be met by an associate to successfully perform the essential duties of this job. Reasonable accommodations may be made to enable individuals with disabilities to perform the essential duties.