Senior Attack Surface Management Engineer (Hybrid)
Job Description Summary
As an Attack Surface Management Engineer, you will play a critical role in our cybersecurity team, focusing on identifying, analyzing, and reducing risks across our digital ecosystem. Your responsibilities will include managing asset discovery, assessing vulnerabilities, and ensuring the security of our medical device products, enterprise IT infrastructure, and manufacturing environments. You will operate in a dynamic and complex environment, leveraging advanced security tools and methodologies to protect sensitive data and maintain the integrity of our products and services.
Job Description
We are the makers of possible
BD is one of the largest global medical technology companies in the world. Advancing the world of health™ is our Purpose, and it’s no small feat. It takes the imagination and passion of all of us—from design and engineering to the manufacturing and marketing of our billions of MedTech products per year—to look at the impossible and find transformative solutions that turn dreams into possibilities.
We believe that the human element, across our global teams, is what allows us to continually evolve. Join us and discover an environment in which you’ll be supported to learn, grow and become your best self. Become a maker of possible with us.
Primary Duties / Responsibilities
In this role, you will collaborate closely with Security Operations teams to continuously evaluate BD's attack surface, identify cybersecurity risks, and engage collaborators in risk mitigation and remediation efforts. This involves actively working with various teams to assess potential vulnerabilities, analyze risks, prioritize remediation efforts, and provide detailed recommendations for reducing exposure.
You will also stay up-to-date on cybersecurity standard processes, open-source intelligence (OSINT) methodologies, and emerging attack surface management trends through professional development and training. Continuously seek opportunities to enhance knowledge and skills in this rapidly evolving field.
Degree of Accountability:
Responsible for setting personal work direction and completing tasks effectively.
Actively contributes to Information Security projects and initiatives.
Advocates for the protection of BD’s intellectual property and information assets.
Financial Impact:
As a member of the Cyber Fusion Team, you will help identify and minimize security risks, reducing potential financial, market share, and brand reputation impacts.
Quality Impact:
Ensures alignment to BD’s Quality Standards by driving continuous improvement within assigned responsibilities while maintaining compliance with regulatory requirements.
Cost Impact:
Supports continuous improvement initiatives to enhance the maturity and efficiency of attack surface management operations, optimizing security investments and operational effectiveness.
Operational Responsibilities
Attack Surface Discovery & Assessment: Continuously identify and assess assets across BD’s infrastructure, including medical devices, IT infrastructure, cloud environments, and manufacturing systems.
Risk Prioritization & Remediation: Analyze discovered risks, prioritize remediation efforts based on potential impact, and coordinate with relevant teams to reduce exposure.
Threat Intelligence & Trend Analysis: Collaborate with the BD Cyber Threat Intelligence Team to monitor emerging cybersecurity threats, techniques, and vulnerabilities affecting the healthcare and manufacturing sectors, integrating insights into attack surface management strategies.
Alerting & Reporting: Provide timely reporting and notifications to relevant partners about critical vulnerabilities, delivering detailed risk assessments and actionable remediation recommendations.
Secure Development Collaboration: Partner with product development teams to integrate security standard methodologies into the design of medical devices, software, and related systems, ensuring a secure-by-design approach.
Incident Response Support: Assist in refining incident response protocols and actively contribute to investigations and mitigation efforts when security incidents arise.
Regulatory Compliance & Standards: Ensure alignment to industry regulations and standards, including HIPAA, CMMC, FDA guidelines for medical devices, and ISO/NIST cybersecurity frameworks.
Security Awareness & Training: Assist in conducting training sessions to enhance cybersecurity awareness among collaborators, emphasizing threats relevant to BD, its customers, and patients. Effectively communicate technical risks to non-technical audiences and provide guidance on cybersecurity best practices.
Process & Tool Optimization: Continuously seek improvements in attack surface management processes, methodologies, and security toolsets to enhance operational effectiveness.
Experience:
A minimum of 2 years of experience with Qualys is required
Experience with Qualys API and pulling data out into PowerBI is preferred
Strong background in cybersecurity, with a deep understanding of attack surface management, risk assessment, and vulnerability analysis
Experience collaborating with security operations teams and engaging stakeholders across various business units
Familiarity with cybersecurity best practices, open-source intelligence (OSINT) methodologies, and emerging trends in attack surface management
Ability to analyze and prioritize risks based on potential impact, and provide actionable remediation recommendations
At BD, we prioritize on-site collaboration because we believe it fosters creativity, innovation, and effective problem-solving, which are essential in the fast-paced healthcare industry. For most roles, we require a minimum of 4 days of in-office presence per week to maintain our culture of excellence and ensure smooth operations, while also recognizing the importance of flexibility and work-life balance. Remote or field-based positions will have different workplace arrangements which will be indicated in the job posting.
For certain roles at BD, employment is contingent upon the Company’s receipt of sufficient proof that you are fully vaccinated against COVID-19. In some locations, testing for COVID-19 may be available and/or required. Consistent with BD’s Workplace Accommodations Policy, requests for accommodation will be considered pursuant to applicable law.
Why Join Us?
A career at BD means being part of a team that values your opinions and contributions and that encourages you to bring your authentic self to work. It’s also a place where we help each other be great, we do what’s right, we hold each other accountable, and learn and improve every day.
To find purpose in the possibilities, we need people who can see the bigger picture, who understand the human story that underpins everything we do. We welcome people with the imagination and drive to help us reinvent the future of health. At BD, you’ll discover a culture in which you can learn, grow, and thrive. And find satisfaction in doing your part to make the world a better place.
To learn more about BD visit https://bd.com/careers
Becton, Dickinson and Company is an Equal Opportunity/Affirmative Action Employer. We do not unlawfully discriminate on the basis of race, color, religion, age, sex, creed, national origin, ancestry, citizenship status, marital or domestic or civil union status, familial status, affectional or sexual orientation, gender identity or expression, genetics, disability, military eligibility or veteran status, or any other protected status.
Required Skills
Continual Improvement Process, Cybersecurity, Information Security, Information Technology (IT) Infrastructure, Remediation, Risk Mitigation Strategies, Security Operations, Security Tools
Optional Skills
Mitigation, Regulatory Compliance, Security Practices, Standards Compliance.
Primary Work Location
USA NJ - Franklin Lakes
Additional Locations
Work Shift
"Purpose driven company where associates work every day to make healthcare better. A lot of great initiatives going on to make BD the best MedTech company in the world."
Anonymous, Franklin Lakes, NJ