Product Security Engineer II

About The Position

Requirements

• Bachelor’s degree in computer science or equivalent education and experience sufficient to perform the essential functions of the job.
• Minimum 5+ years of relevant experience.
• Demonstrated experience conducting product and/or cybersecurity practices in a regulated industry or environment.
• Strong working knowledge of global standards and frameworks (ISO 81001-5-1, AAMI TIR57/TIR97, NIST CSF, FDA pre-/post-market guidance).
• Professional cybersecurity certification (e.g., CISSP, CEH, or similar) strongly preferred.
• Experience using risk analysis and mitigation methodologies.
• Quality and continuous improvement mindset.
• Demonstrated ability to communicate effectively both verbally and in writing.

Nice To Haves

• Experience with PKI and certificate management for medical devices, including provisioning, rotation, secure storage, and certificate-based authentication.
• Familiarity with Azure Cloud Services, including identity and access management, secure architecture patterns, and application/service hardening in cloud-hosted environments.
• Hands-on experience supporting or maintaining a Product Security Lab environment.
• Practical experience with embedded device security, secure boot, cryptographic services, firmware integrity, or hardware security features.
• Understanding of medical device cybersecurity standards such as FDA Premarket Guidance, post market expectations, IMDRF, AAMI TIR57/TIR97, ISO/IEC 81001-5-1, and SBOM-related standards (SPDX, CycloneDX).
• Familiarity with DevOps or DevSecOps pipelines, including CI/CD security tooling and automation.
• Experience developing or maintaining secure communication protocols (TLS, mutual authentication, key exchange mechanisms).

Responsibilities

• Define, maintain, and evolve objective, testable, technology-agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations.
• Analyze complex technical issues, document findings, and partner with engineering and product teams to drive implementation of risk-based, secure-by-design solutions.
• Lead the development and ongoing maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring accuracy and alignment throughout the product lifecycle.
• Guide engineering teams in vulnerability identification and analysis, assess post-market risk, and lead post-market activities, including threat intelligence integration, vulnerability management, coordinated disclosure, patch planning, and product incident response.
• Lead assessment of third-party components and suppliers, oversee SBOM creation and maintenance, monitor component lifecycle risk, and proactively identify vulnerabilities or end-of-support concerns.
• Lead contributions to customer-facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, clearly communicating complex technical findings verbally and in writing.
• Drive updates and continuous improvement of product security procedures, work instructions, and technical guidance documents, ensuring alignment with evolving regulatory and industry standards.
• Provide technical leadership and mentorship to engineering teams, and collaborate closely with R&D architects, Quality, Safety, and Regulatory partners to ensure a cohesive and consistent security posture across the product portfolio.
• Develop, maintain, and enhance the product security test lab environment.
• Actively participate in and influence regulatory, safety, and design reviews.
• Conduct penetration testing directly or manage and oversee third-party penetration testing vendors, including scoping, execution, and review of findings.
• Play a key role in product incident response activities.
• Represent Product Security in customer, auditor, and regulatory discussions as a subject matter expert.

Benefits

• At Terumo Blood and Cell Technologies, we provide competitive total reward offerings that consist of compensation, benefits, recognition, along with a wealth of other well-being, work-life and recognition programs which support in unlocking the potential for you and your family.
• Included in our expansive list of benefits offerings are multiple group medical, dental and vision plans, a robust wellness program, life insurance and disability coverages, also a variety of voluntary programs such as group accident, hospital indemnity, critical illness, pet insurance and much more.
• To help you save for retirement, we offer a 401(k) plan with a matching contribution and for work-life balance we have vacation and sick time programs for associates.
• For us, it’s about protecting the personal welfare of our associates and their families, helping to achieve personal goals and offering those extra touches for convenience, security and overall peace of mind.