Apply on Employer Site

Terumo · 19 hours ago

Product Security Engineer

Lakewood, CO

Full-time

Onsite

Mid Level

$106K/yr - $132K/yr

3+ years exp

Terumo Blood and Cell Technologies is a leader in medical technology that helps save lives. The Product Security Engineer will partner with cross-functional teams to define and implement cybersecurity activities, ensuring product security throughout the product lifecycle.

Health CareManufacturingMedicalMedical DeviceTraining

Responsibilities

Define and maintain objective, testable, technology-agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations

Analyze technical issues, document findings, and collaborate with engineering and product teams to support implementation of risk-based, secure-by-design solutions

Support the development and maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring they remain accurate and updated throughout the product lifecycle

Assist engineering teams with vulnerability identification and analysis, support post-market risk assessment, and contribute to post-market activities, including vulnerability management, threat intelligence intake, and patch planning

Assess third-party components and suppliers, support SBOM creation and maintenance, monitor component lifecycle risk, and help identify vulnerabilities or end-of-support concerns

Contribute to customer-facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, and communicate technical findings verbally and in writing

Maintain and support updates to product security procedures, work instructions, and technical guidance documents, contributing to continuous improvement and alignment with evolving standards

Provide technical input and guidance to engineering teams, and collaborate with R&D, Quality, Safety, and Regulatory partners to support a cohesive product security posture

Support development and maintenance of the product security test lab environment

Participate in regulatory, safety, and design reviews

May conduct penetration testing activities under guidance or support third-party penetration testing efforts

May participate in product incident response activities

May support Product Security representation in customer, auditor, or regulatory discussions

Qualification

Product Security LifecycleCybersecurity StandardsRisk Analysis MethodologiesPKICertificate ManagementEmbedded Device SecurityAzure Cloud ServicesSecure Communication ProtocolsProfessional Cybersecurity CertificationQuality MindsetContinuous ImprovementTechnical DocumentationCommunication Skills

Required

Bachelor's degree in computer science or, equivalent of education and experience sufficient to successfully perform the essential functions of the job

Minimum 3 years of relevant experience

Experience supporting product and/or cybersecurity practices in a regulated industry or environment

Preferred

Experience with PKI and certificate management for medical devices, including provisioning, rotation, secure storage, and certificate-based authentication

Familiarity with Azure Cloud Services, including identity and access management, secure architecture patterns, and application/service hardening in cloud-hosted environments

Hands-on experience supporting or maintaining a Product Security Lab environment

Practical experience with embedded device security, secure boot, cryptographic services, firmware integrity, or hardware security features

Understanding of medical device cybersecurity standards such as FDA Premarket Guidance, post market expectations, IMDRF, AAMI TIR57/TIR97, ISO/IEC 81001-5-1, and SBOM-related standards (SPDX, CycloneDX)

Familiarity with DevOps or DevSecOps pipelines, including CI/CD security tooling and automation

Experience developing or maintaining secure communication protocols (TLS, mutual authentication, key exchange mechanisms)

Experience using risk analysis and mitigation methodologies

Quality and continuous improvement mindset

Demonstrated ability to communicate effectively both verbally and in writing