Bridgewater, New Jersey, US
Product Security Engineer

Bausch + Lomb (NYSE/TSX: BLCO) is a leading global eye health company dedicated to protecting and enhancing the gift of sight for millions of people around the world—from the moment of birth through every phase of life. Our mission is simple, yet powerful: helping you see better, to live better.


Our comprehensive portfolio of over 400 products is fully integrated and built to serve our customers across the full spectrum of their eye health needs throughout their lives. Our iconic brand is built on the deep trust and loyalty of our customers established over our 170-year history. We have a significant global research, development, manufacturing and commercial footprint of approximately 13,000 employees and a presence in approximately 100 countries, extending our reach to billions of potential customers across the globe. We have long been associated with many of the most significant advances in eye health, and we believe we are well positioned to continue leading the advancement of eye health in the future.


The Product Security Engineer is responsible for ensuring the security of applications and products by conducting Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), Software Composition Analysis (SCA), and penetration testing, while integrating security tools into CI/CD pipelines. This role collaborates with development and DevOps teams to embed security best practices throughout the Software Development Life Cycle (SDLC), enforce secure coding standards, and manage vulnerability remediation. Additionally, the engineer provides training, oversees the responsible disclosure program, supports risk assessments and regulatory compliance, and stays ahead of emerging cybersecurity threats to enhance security practices.


Role and Responsibilities

Conduct and manage Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST), and Software Composition Analysis (SCA) for all applications and products.
Perform manual and automated penetration testing of applications, APIs, and products to identify vulnerabilities.
Integrate security testing tools into CI/CD pipelines to enable automated and continuous security assessments.
Analyze security testing results and collaborate with development teams to remediate vulnerabilities.
Develop and enforce secure coding standards, application security policies, and best practices.
Maintain and update application security tools, ensuring they meet current and future needs.
Prioritize and track vulnerabilities, ensuring timely remediation and mitigation.
Support risk assessments and provide security recommendations for new applications and products.
Partner with cross-functional teams, including DevOps and product engineering, to embed security throughout the SDLC.
Stay updated on the latest security threats, vulnerabilities, and industry trends to enhance testing practices.
Provide training and guidance to developers on secure coding practices and tool usage.
Oversee the responsible disclosure program to ensure vulnerabilities are properly handled.
Collaborate with third-party penetration testing vendors when necessary and validate findings.
Interface with product development teams to identify the security solutions required for each product.
Assist with the filing of regulatory documents related to cybersecurity concerns.


Qualifications and Education Requirements

Bachelor’s degree in computer science, cybersecurity, or a related field (or equivalent experience).
3+ years of experience in application security or product security roles.
Hands-on experience with SAST, DAST, and SCA tools (e.g., Veracode, Checkmarx, OWASP ZAP, or similar).
Strong understanding of secure coding practices and common vulnerabilities (e.g., OWASP Top 10, CWE/SANS Top 25).
Proven expertise in manual and automated penetration testing.
Familiarity with CI/CD pipelines and integrating security tools into them (e.g., Jenkins, GitLab, Azure DevOps).
Experience working with developers to remediate vulnerabilities and improve security practices.
Excellent problem-solving and communication skills, including the ability to convey complex technical issues to non-technical stakeholders.

Preferred

Professional certifications such as OSCP, GWAPT, GPEN, or CSSLP.
Experience with cloud security and container security (e.g., AWS, Azure, Docker, Kubernetes).
Familiarity with regulated industry security requirements (e.g., FDA, ISO 27001, NIST).
Knowledge of threat modeling and security architecture reviews.

All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status. 


Job Applicants should be aware of job offer scams perpetrated through the use of the Internet and social media platforms. 

To learn more please read Bausch + Lomb's Job Offer Fraud Statement. 


Applicants must be authorized to work for ANY employer in the U.S. We are unable to sponsor or take over sponsorship of an employment Visa at this time. 
