To succeed as a Security Engineer at Becton Dickinson, you must prove your capabilities across several core domains. Interviewers will probe these areas heavily, often using your own past projects as the foundation for their questions.
Past Experience and Technical Deep-Dive
Interviewers at Becton Dickinson favor a conversational but highly probing interview style. They want to see that you actually drove the security initiatives listed on your resume, rather than just participating in them. Strong performance here means you can explain the "why" behind every technical decision, the alternatives you considered, and the ultimate business impact.
Be ready to go over:
- Architecture decisions – Why you chose a specific security tool or framework over another.
- Implementation hurdles – How you overcame technical debt or legacy system constraints.
- Outcome metrics – How you measured the success of your security implementations.
- Advanced concepts (less common) –
- Zero Trust architecture rollouts in legacy environments.
- Custom scripting for automated threat hunting.
Example questions or scenarios:
- "Walk me through the most complex security architecture you designed. What were the primary attack vectors you had to mitigate?"
- "You mentioned implementing a new SIEM on your resume. How did you tune the alerting to reduce false positives for the SOC team?"
- "Tell me about a time you found a critical vulnerability in a production system. How did you handle the remediation process?"
Security Architecture and Device Security
Because Becton Dickinson manufactures medical devices, securing hardware and IoT ecosystems is just as important as securing enterprise IT. You will be evaluated on your ability to design secure systems from the ground up and your understanding of network segmentation, encryption, and endpoint protection.
Be ready to go over:
- Network Segmentation – Isolating critical medical devices from general enterprise networks.
- Cryptography – Implementing encryption at rest and in transit for sensitive health data.
- Vulnerability Management – Scanning and patching systems without causing downtime to critical services.
- Advanced concepts (less common) –
- Embedded systems security.
- FDA pre-market and post-market cybersecurity guidelines for medical devices.
Example questions or scenarios:
- "How would you design the network architecture for a hospital deploying a new fleet of connected infusion pumps?"
- "What is your approach to securing legacy systems that cannot be easily patched or updated?"
- "Explain how you would implement mutual TLS (mTLS) between a medical device and a cloud backend."
Incident Response and Threat Mitigation
When a security event occurs, the engineering team must respond swiftly and methodically. Interviewers will test your analytical thinking during a crisis. A strong candidate will outline a clear, step-by-step methodology for containment, eradication, and recovery, while keeping stakeholder communication in mind.
Be ready to go over:
- Threat Modeling – Identifying potential threats during the software development lifecycle (STRIDE, DREAD).
- Log Analysis – Parsing logs to track lateral movement or data exfiltration.
- Incident Handling – Your methodology for containing an active breach.
- Advanced concepts (less common) –
- Reverse engineering malware.
- Developing automated playbooks (SOAR) for incident response.
Example questions or scenarios:
- "You receive an alert that an unauthorized user is accessing a database containing patient records. What are your first three steps?"
- "How do you conduct threat modeling for a new web application interacting with an external API?"
- "Describe a time you had to respond to a security incident under high pressure. What was the outcome?"
`