
Terumo Blood and Cell Technologies · 7 hours ago

Product Security Engineer II

Terumo Blood and Cell Technologies is a global leader in medical technology dedicated to saving lives through innovative products. The Product Security Engineer II role involves integrating cybersecurity throughout the product lifecycle, collaborating with cross-functional teams to ensure product safety and security, and driving secure-by-design practices.

Medical Device
H1B Sponsor Likely

Responsibilities

Define, maintain, and evolve objective, testable, technology-agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations
Analyze complex technical issues, document findings, and partner with engineering and product teams to drive implementation of risk-based, secure-by-design solutions
Lead the development and ongoing maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring accuracy and alignment throughout the product lifecycle
Guide engineering teams in vulnerability identification and analysis, assess post-market risk, and lead post-market activities, including threat intelligence integration, vulnerability management, coordinated disclosure, patch planning, and product incident response
Lead assessment of third-party components and suppliers, oversee SBOM creation and maintenance, monitor component lifecycle risk, and proactively identify vulnerabilities or end-of-support concerns
Lead contributions to customer-facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, clearly communicating complex technical findings verbally and in writing
Drive updates and continuous improvement of product security procedures, work instructions, and technical guidance documents, ensuring alignment with evolving regulatory and industry standards
Provide technical leadership and mentorship to engineering teams, and collaborate closely with R&D architects, Quality, Safety, and Regulatory partners to ensure a cohesive and consistent security posture across the product portfolio
Develop, maintain, and enhance the product security test lab environment
Actively participate in and influence regulatory, safety, and design reviews
Conduct penetration testing directly or manage and oversee third-party penetration testing vendors, including scoping, execution, and review of findings
Play a key role in product incident response activities
Represent Product Security in customer, auditor, and regulatory discussions as a subject matter expert

Qualification

Product Security Lifecycle, Cybersecurity Standards, Risk Management, Vulnerability Management, PKI, Certificate Management, Azure Cloud Services, Embedded Device Security, Secure Communication Protocols, DevSecOps Pipelines, Quality Mindset, Technical Leadership, Communication Skills

Required

Bachelor's degree in computer science or equivalent education and experience sufficient to perform the essential functions of the job
Minimum 5+ years of relevant experience
Demonstrated experience conducting product and/or cybersecurity practices in a regulated industry or environment
Strong working knowledge of global standards and frameworks (ISO 81001-5-1, AAMI TIR57/TIR97, NIST CSF, FDA pre-/post-market guidance)
Professional cybersecurity certification (e.g., CISSP, CEH, or similar) strongly preferred

Preferred

Experience with PKI and certificate management for medical devices, including provisioning, rotation, secure storage, and certificate-based authentication
Familiarity with Azure Cloud Services, including identity and access management, secure architecture patterns, and application/service hardening in cloud-hosted environments
Hands-on experience supporting or maintaining a Product Security Lab environment
Practical experience with embedded device security, secure boot, cryptographic services, firmware integrity, or hardware security features
Understanding of medical device cybersecurity standards such as FDA Premarket Guidance, post market expectations, IMDRF, AAMI TIR57/TIR97, ISO/IEC 81001-5-1, and SBOM-related standards (SPDX, CycloneDX)
Familiarity with DevOps or DevSecOps pipelines, including CI/CD security tooling and automation
Experience developing or maintaining secure communication protocols (TLS, mutual authentication, key exchange mechanisms)
Experience using risk analysis and mitigation methodologies
Quality and continuous improvement mindset
Demonstrated ability to communicate effectively both verbally and in writing

Benefits

Multiple group medical, dental and vision plans
Robust wellness program
Life insurance and disability coverages
Variety of voluntary programs such as group accident, hospital indemnity, critical illness, pet insurance
401(k) plan with a matching contribution
Vacation and sick time programs for associates

Company

Terumo Blood and Cell Technologies

Headquartered in Lakewood, Colorado, Terumo Blood and Cell Technologies is a global leader in blood component, therapeutic apheresis and cellular technologies serving customers in more than 150 countries.

H1B Sponsorship

Terumo Blood and Cell Technologies has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
Trends of Total Sponsorships
2025 (14)
2024 (7)
2023 (8)
2022 (8)
2021 (8)
2020 (7)

Funding

Current Stage
Late Stage

Leadership Team

Antoinette Gawin
President & Chief Executive Officer at Terumo Blood and Cell Technologies
Rusty Spinney
Chief Financial Officer
Company data provided by Crunchbase