TERUMO BCT, INC
Product Security Engineer
Date:
Jan 9, 2026
Location:
Lakewood, CO, US
Requisition ID:
34544
Terumo Blood and Cell Technologies (TBCT) designs, engineers, and builds medical technology that helps save lives. TBCT integrates cybersecurity throughout the total product lifecycle to ensure our products are safe, secure, and effective.
The Product Security Engineer partners with R&D, Quality, Regulatory, and other cross‑functional stakeholders to define, implement, and support cybersecurity activities from initial concept through decommissioning. This role drives secure‑by‑design practices, facilitates product security risk management, and ensures compliance with TBCT’s Product Security Lifecycle Procedure and associated procedures.
ESSENTIAL DUTIES
Define and maintain objective, testable, technology‑agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations.
Analyze technical issues, document findings, and collaborate with engineering and product teams to support implementation of risk‑based, secure‑by‑design solutions.
Support the development and maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring they remain accurate and updated throughout the product lifecycle.
Assist engineering teams with vulnerability identification and analysis, support post‑market risk assessment, and contribute to post‑market activities, including vulnerability management, threat intelligence intake, and patch planning.
Assess third‑party components and suppliers, support SBOM creation and maintenance, monitor component lifecycle risk, and help identify vulnerabilities or end‑of‑support concerns.
Contribute to customer‑facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, and communicate technical findings verbally and in writing.
Maintain and support updates to product security procedures, work instructions, and technical guidance documents, contributing to continuous improvement and alignment with evolving standards.
Provide technical input and guidance to engineering teams, and collaborate with R&D, Quality, Safety, and Regulatory partners to support a cohesive product security posture.
OTHER DUTIES AND RESPONSIBILITIES
Support development and maintenance of the product security test lab environment.
Participate in regulatory, safety, and design reviews.
May conduct penetration testing activities under guidance or support third‑party penetration testing efforts.
May participate in product incident response activities.
May support Product Security representation in customer, auditor, or regulatory discussions.
PREFERRED / NICE‑TO‑HAVE EXPERIENCE & SKILLS
Experience with PKI and certificate management for medical devices, including provisioning, rotation, secure storage, and certificate‑based authentication.
Familiarity with Azure Cloud Services, including identity and access management, secure architecture patterns, and application/service hardening in cloud‑hosted environments.
Hands‑on experience supporting or maintaining a Product Security Lab environment.
Practical experience with embedded device security, secure boot, cryptographic services, firmware integrity, or hardware security features.
Understanding of medical device cybersecurity standards such as FDA Premarket Guidance, post‑market expectations, IMDRF, AAMI TIR57/TIR97, ISO/IEC 81001‑5‑1, and SBOM‑related standards (SPDX, CycloneDX).
Familiarity with DevOps or DevSecOps pipelines, including CI/CD security tooling and automation.
Experience developing or maintaining secure communication protocols (TLS, mutual authentication, key exchange mechanisms).
Experience using risk analysis and mitigation methodologies.
Quality and continuous improvement mindset.
Demonstrated ability to communicate effectively both verbally and in writing.
MINIMUM QUALIFICATION REQUIREMENTS Education
Bachelor’s degree in computer science or an equivalent of education and experience sufficient to successfully perform the essential functions of the job.
Experience
Minimum 3 years of relevant experience.
Experience supporting product and/or cybersecurity practices in a regulated industry or environment.
Familiarity with global standards and frameworks (ISO 81001‑5‑1, AAMI TIR57, NIST CSF, FDA pre‑/post‑market guidance) preferred.
Professional cybersecurity certification (e.g., CISSP, CEH, or similar) preferred.
-Or- An equivalent competency level acquired through a variation of these qualifications may be considered.
PHYSICAL REQUIREMENTS Typical Office Environment requirements include reading, speaking, hearing, close vision, walking, bending, sitting, and occasional lifting up to 20 pounds. The physical demands described here are representative of those that must be met by an associate to successfully perform the essential duties of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential duties.
We are proud to be an Equal Opportunity
Affirmative Action Employer. All applicants will be afforded equal opportunity without discrimination because of race, color, religion, sex, gender identity or expression, sexual orientation, marital status, order of protection status, national origin or ancestry, citizenship status, age, physical or mental disability unrelated to ability, military status or an unfavorable discharge from military service.
Terumo Blood and Cell Technologies is committed to providing a safe, healthy and secure working environment. Our Colorado campus locations are tobacco‑free workplaces, and we maintain a drug‑free workplace and perform pre‑employment substance abuse testing and detailed background verification.
#J-18808-Ljbffr
Jan 9, 2026
Location:
Lakewood, CO, US
Requisition ID:
34544
Terumo Blood and Cell Technologies (TBCT) designs, engineers, and builds medical technology that helps save lives. TBCT integrates cybersecurity throughout the total product lifecycle to ensure our products are safe, secure, and effective.
The Product Security Engineer partners with R&D, Quality, Regulatory, and other cross‑functional stakeholders to define, implement, and support cybersecurity activities from initial concept through decommissioning. This role drives secure‑by‑design practices, facilitates product security risk management, and ensures compliance with TBCT’s Product Security Lifecycle Procedure and associated procedures.
ESSENTIAL DUTIES
Define and maintain objective, testable, technology‑agnostic product security requirements, ensuring traceability to product security needs, risks, and regulatory expectations.
Analyze technical issues, document findings, and collaborate with engineering and product teams to support implementation of risk‑based, secure‑by‑design solutions.
Support the development and maintenance of Product Security Plans, Threat Models, Product Security Reports, and related lifecycle deliverables, ensuring they remain accurate and updated throughout the product lifecycle.
Assist engineering teams with vulnerability identification and analysis, support post‑market risk assessment, and contribute to post‑market activities, including vulnerability management, threat intelligence intake, and patch planning.
Assess third‑party components and suppliers, support SBOM creation and maintenance, monitor component lifecycle risk, and help identify vulnerabilities or end‑of‑support concerns.
Contribute to customer‑facing and regulatory documentation, including labeling content and cybersecurity documentation for submissions, and communicate technical findings verbally and in writing.
Maintain and support updates to product security procedures, work instructions, and technical guidance documents, contributing to continuous improvement and alignment with evolving standards.
Provide technical input and guidance to engineering teams, and collaborate with R&D, Quality, Safety, and Regulatory partners to support a cohesive product security posture.
OTHER DUTIES AND RESPONSIBILITIES
Support development and maintenance of the product security test lab environment.
Participate in regulatory, safety, and design reviews.
May conduct penetration testing activities under guidance or support third‑party penetration testing efforts.
May participate in product incident response activities.
May support Product Security representation in customer, auditor, or regulatory discussions.
PREFERRED / NICE‑TO‑HAVE EXPERIENCE & SKILLS
Experience with PKI and certificate management for medical devices, including provisioning, rotation, secure storage, and certificate‑based authentication.
Familiarity with Azure Cloud Services, including identity and access management, secure architecture patterns, and application/service hardening in cloud‑hosted environments.
Hands‑on experience supporting or maintaining a Product Security Lab environment.
Practical experience with embedded device security, secure boot, cryptographic services, firmware integrity, or hardware security features.
Understanding of medical device cybersecurity standards such as FDA Premarket Guidance, post‑market expectations, IMDRF, AAMI TIR57/TIR97, ISO/IEC 81001‑5‑1, and SBOM‑related standards (SPDX, CycloneDX).
Familiarity with DevOps or DevSecOps pipelines, including CI/CD security tooling and automation.
Experience developing or maintaining secure communication protocols (TLS, mutual authentication, key exchange mechanisms).
Experience using risk analysis and mitigation methodologies.
Quality and continuous improvement mindset.
Demonstrated ability to communicate effectively both verbally and in writing.
MINIMUM QUALIFICATION REQUIREMENTS Education
Bachelor’s degree in computer science or an equivalent of education and experience sufficient to successfully perform the essential functions of the job.
Experience
Minimum 3 years of relevant experience.
Experience supporting product and/or cybersecurity practices in a regulated industry or environment.
Familiarity with global standards and frameworks (ISO 81001‑5‑1, AAMI TIR57, NIST CSF, FDA pre‑/post‑market guidance) preferred.
Professional cybersecurity certification (e.g., CISSP, CEH, or similar) preferred.
-Or- An equivalent competency level acquired through a variation of these qualifications may be considered.
PHYSICAL REQUIREMENTS Typical Office Environment requirements include reading, speaking, hearing, close vision, walking, bending, sitting, and occasional lifting up to 20 pounds. The physical demands described here are representative of those that must be met by an associate to successfully perform the essential duties of this job. Reasonable accommodation may be made to enable individuals with disabilities to perform the essential duties.
We are proud to be an Equal Opportunity
Affirmative Action Employer. All applicants will be afforded equal opportunity without discrimination because of race, color, religion, sex, gender identity or expression, sexual orientation, marital status, order of protection status, national origin or ancestry, citizenship status, age, physical or mental disability unrelated to ability, military status or an unfavorable discharge from military service.
Terumo Blood and Cell Technologies is committed to providing a safe, healthy and secure working environment. Our Colorado campus locations are tobacco‑free workplaces, and we maintain a drug‑free workplace and perform pre‑employment substance abuse testing and detailed background verification.
#J-18808-Ljbffr