Product Security Engineer jobs in United States
cer-icon
Apply on Employer Site
company-logo

Terumo Blood and Cell Technologies ยท 20 hours ago

Product Security Engineer

positionLakewood, CO
timeFull-time
remoteOnsite
seniorityMid Level
money$106K/yr - $132K/yr
date3+ years exp

Terumo Blood and Cell Technologies is a company that designs and builds medical technology to help save lives. The Product Security Engineer will integrate cybersecurity throughout the product lifecycle, partnering with various stakeholders to ensure product safety and compliance with security procedures.

Medical Device
check
H1B Sponsor Likelynote

Responsibilities

Define and maintain objective, testable, technology-agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations
Analyze technical issues, document findings, and collaborate with engineering and product teams to support implementation of risk-based, secure-by-design solutions
Support the development and maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring they remain accurate and updated throughout the product lifecycle
Assist engineering teams with vulnerability identification and analysis, support post-market risk assessment, and contribute to post-market activities, including vulnerability management, threat intelligence intake, and patch planning
Assess third-party components and suppliers, support SBOM creation and maintenance, monitor component lifecycle risk, and help identify vulnerabilities or end-of-support concerns
Contribute to customer-facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, and communicate technical findings verbally and in writing
Maintain and support updates to product security procedures, work instructions, and technical guidance documents, contributing to continuous improvement and alignment with evolving standards
Provide technical input and guidance to engineering teams, and collaborate with R&D, Quality, Safety, and Regulatory partners to support a cohesive product security posture
Support development and maintenance of the product security test lab environment
Participate in regulatory, safety, and design reviews
May conduct penetration testing activities under guidance or support third-party penetration testing efforts
May participate in product incident response activities
May support Product Security representation in customer, auditor, or regulatory discussions

Qualification

Product Security LifecycleCybersecurity StandardsRisk ManagementPKICertificate ManagementEmbedded Device SecurityAzure Cloud ServicesSecure Communication ProtocolsDevSecOps PipelinesQuality MindsetContinuous ImprovementVulnerability ManagementTechnical DocumentationCommunication SkillsCollaborationProblem Solving

Required

Bachelor's degree in computer science or equivalent of education and experience sufficient to successfully perform the essential functions of the job
Minimum 3 years of relevant experience
Experience supporting product and/or cybersecurity practices in a regulated industry or environment
Define and maintain objective, testable, technology-agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations
Analyze technical issues, document findings, and collaborate with engineering and product teams to support implementation of risk-based, secure-by-design solutions
Support the development and maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring they remain accurate and updated throughout the product lifecycle
Assist engineering teams with vulnerability identification and analysis, support post-market risk assessment, and contribute to post-market activities, including vulnerability management, threat intelligence intake, and patch planning
Assess third-party components and suppliers, support SBOM creation and maintenance, monitor component lifecycle risk, and help identify vulnerabilities or end-of-support concerns
Contribute to customer-facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, and communicate technical findings verbally and in writing
Maintain and support updates to product security procedures, work instructions, and technical guidance documents, contributing to continuous improvement and alignment with evolving standards
Provide technical input and guidance to engineering teams, and collaborate with R&D, Quality, Safety, and Regulatory partners to support a cohesive product security posture
Support development and maintenance of the product security test lab environment
Participate in regulatory, safety, and design reviews
May conduct penetration testing activities under guidance or support third-party penetration testing efforts
May participate in product incident response activities
May support Product Security representation in customer, auditor, or regulatory discussions

Preferred

Experience with PKI and certificate management for medical devices, including provisioning, rotation, secure storage, and certificate-based authentication
Familiarity with Azure Cloud Services, including identity and access management, secure architecture patterns, and application/service hardening in cloud-hosted environments
Hands-on experience supporting or maintaining a Product Security Lab environment
Practical experience with embedded device security, secure boot, cryptographic services, firmware integrity, or hardware security features
Understanding of medical device cybersecurity standards such as FDA Premarket Guidance, post market expectations, IMDRF, AAMI TIR57/TIR97, ISO/IEC 81001-5-1, and SBOM-related standards (SPDX, CycloneDX)
Familiarity with DevOps or DevSecOps pipelines, including CI/CD security tooling and automation
Experience developing or maintaining secure communication protocols (TLS, mutual authentication, key exchange mechanisms)
Experience using risk analysis and mitigation methodologies
Quality and continuous improvement mindset
Demonstrated ability to communicate effectively both verbally and in writing

Benefits

Multiple group medical, dental and vision plans
Robust wellness program
Life insurance and disability coverages
Variety of voluntary programs such as group accident, hospital indemnity, critical illness, pet insurance
401(k) plan with a matching contribution
Vacation and sick time programs for associates

Company

Terumo Blood and Cell Technologies

twitter
Glassdoor3.4
company-logo
Headquartered in Lakewood, Colorado, Terumo Blood and Cell Technologies is a global leader in blood component, therapeutic apheresis and cellular technologies serving customers in more than 150 countries.
dateFounded in 1964
location
Lakewood, Colorado, US
people-size5001-10000 employees
web-link
http://www.terumobct.com

H1B Sponsorship

Terumo Blood and Cell Technologies has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Below presents additional info for your reference. (Data Powered by US Department of Labor)
Distribution of Different Job Fields Receiving Sponsorship
Represents job field similar to this job
Trends of Total Sponsorships
2025 (14)
2024 (7)
2023 (8)
2022 (8)
2021 (8)
2020 (7)

Funding

Current Stage
Late Stage

Leadership Team

leader-logo
Antoinette Gawin
President & Chief Executive Officer at Terumo Blood and Cell Technologies
linkedin
leader-logo
Rusty Spinney
Chief Financial Officer
linkedin

Recent News

The Denver Post
EPA tells Terumo plant in Lakewood to slash emissions of cancer-causing gas by 2026
2024-04-09
biopharma-reporter.com
All news articles for October 2023
2023-12-22
Medical Device Network
FDA clears Terumo BCT's platelet processing device
2023-12-22
Company data provided by crunchbase