
Tejas Bharambe

Staff Engineer II, Product Security · Medical Devices & Embedded Systems

Professional Summary

Product security engineer with 4+ years securing FDA-regulated medical devices across the full product lifecycle — from threat modeling and secure design through implementation, vulnerability management, and FDA premarket cybersecurity submissions. Builds reusable security frameworks and guardrails that scale across product lines: embedded Linux (Yocto, OpenSTLinux) and Windows golden-image hardening, Azure security baselines, DevSecOps pipeline templates, PKI automation, and SBOM intelligence. Translates regulatory expectations into engineering; partners across Regulatory, Quality, Engineering, and Project Management to ship audit-ready products. Tackles emerging industry problems including C/C++ SBOM generation via build interception, SBOM lifecycle intelligence, AI-assisted security workflows, and post-quantum cryptography readiness. Upstream Linux kernel contributor with two patches reviewed and merged into mainline.

Core Strengths

Reusable Security Frameworks & Guardrails: Windows golden images, OpenSTLinux/Yocto hardening baselines, Azure security configuration, DevSecOps pipeline templates, container/code signing, and certificate lifecycle automation that scale across multiple product programs.

Threat Modeling & Secure Design: Owns threat modeling, security requirements, and architecture reviews for embedded, cloud, and Windows-based medical device platforms; authors security architecture views aligned with FDA expectations and reused across product lines.

Shift Left & Developer Enablement: Centralized SAST/SCA, IaC-validated cloud security, self-service PKI and PIN provisioning, automated post-market vulnerability monitoring, and SBOM enrichment embedded directly into developer workflows.

Regulatory Translation: Turns FDA premarket cybersecurity guidance, FDA eSTAR, AAMI TIR57, and NIST CSF into concrete engineering deliverables, secure design artifacts, and audit-ready submission packages.

Emerging Problem Solving: C/C++ SBOM generation via build interception, SBOM end-of-life intelligence, automated cloud drift detection, AI-assisted security workflows, and post-quantum cryptography readiness.

Experience

BD (Advanced Patient Monitoring) · October 2024 — Present

Staff Engineer II, Product Security — Irvine, CA · Promoted to Staff Engineer II in June 2026; joined via BD's acquisition of Edwards Lifesciences' Critical Care business unit.

  • Lead product security across multiple medical device programs — threat modeling, secure design, vulnerability management, V&V, and cybersecurity documentation for FDA premarket submissions in partnership with Regulatory, Quality, and Program Management.
  • Built hardened Windows golden images for AI-algorithm laptop platforms under a compressed FDA AI response timeline (BIOS, firmware, OS, access control, lockdown), converting urgent one-off execution into a reusable pattern projected to cut future hardening from months to ~1 week.
  • Centralized Coverity SAST scanning across product teams into a controlled, scalable model and accelerated containerized build adoption across engineering.
  • Led migration of Coverity and Black Duck (with historical scan data and checker configurations) from Edwards into BD, preserving audit continuity after the divestiture.
  • Built a C/C++ SBOM generator using build-system interception to capture statically linked and manually included dependencies, addressing a known industry gap.
  • Developed SBOM end-of-life enrichment with confidence scoring, released as the open-source SBOM Support Analyzer.
  • Built self-service security automation (Microsoft Forms + Power Automate + Azure DevOps) for PKI certificate issuance and rolling PIN provisioning, replacing manual spreadsheets with authenticated, traceable flows.
  • Built a post-market vulnerability monitoring pipeline from Black Duck and Microsoft RSS feeds into Jira, generating remediation tasks routed by ownership.

Edwards Lifesciences LLC · August 2021 — October 2024

Senior Engineer, Product Security — Irvine, CA · Critical Care business unit divested to BD in October 2024.

  • Owned product security across the full lifecycle of a Yocto-based embedded healthcare monitor — cybersecurity management plan, threat modeling, secure design, implementation, vulnerability management, and FDA premarket submission.
  • Built the OpenSTLinux hardening baseline for the division's first embedded Linux product of its kind; reused across subsequent product programs.
  • Established a QMS workflow wiring FDA eSTAR cybersecurity artifacts directly into the Product Development Lifecycle for repeatable compliance.
  • Authored Azure security configuration requirements and built scripts validating Terraform-defined infrastructure against them — drift detection and security-as-code before it was common practice.
  • Drove creation of a dedicated DevOps function: repo structure, secure build-agent strategy, a "build once, validate, promote" model, and reusable pipeline templates integrating SCA/SAST/IaC into IDEs and PR gates.
  • Replaced Ubuntu-based containers with minimal Alpine images, cleaning up ~95% of vulnerability noise; deployed Prisma Cloud CSPM/Compute and architected a private DigiCert ONE environment for SSL, code signing, and container signing.

Esri (Environmental Systems Research Institute) · October 2020 — July 2021

Security Engineer, ArcGIS Enterprise — Redlands, CA

  • Stood up the threat modeling process for ArcGIS Enterprise and its applications; designed user-level access controls with the development team.
  • Hardened Docker images on Kubernetes by triaging WhiteSource and Protecode findings; implemented runtime monitoring with Falco.
  • Conducted black-box penetration testing of the Kubernetes cluster, pods, and services; triaged Acunetix findings and verified fixes across Windows and Linux patch releases.

Syracuse University · Spring 2019

Graduate Research Assistant — Syracuse, NY

  • Built a Data Consistency Checker improving verification rate for distributed-systems consistency models (linearizability, eventual, sequential) by ~10%, hardened against result tampering by executing inside an Intel SGX enclave.

Open Source & Thought Leadership

Education

M.S., Cybersecurity — Syracuse University, Syracuse, NY · Aug 2018 — May 2020
B.E., Computer Engineering — K. J. Somaiya Institute of Engineering & IT, Mumbai, India · Jul 2014 — May 2018

Skills

Security Architecture: Embedded Linux (Yocto, OpenSTLinux), Windows Hardening (STIG, golden images), Threat Modeling, Secure SDLC, Vulnerability Management, SBOM (CycloneDX, SPDX), DevSecOps / Shift Left, Cloud Security, PKI & Certificate Lifecycle, Container & Kubernetes Security, Runtime Monitoring, Penetration Testing, Post-Quantum Cryptography Readiness
Compliance & Regulatory: FDA Premarket Cybersecurity Guidance, FDA eSTAR, AAMI TIR57, HIPAA, NIST CSF, DISA STIG
Security Tooling: Black Duck, Coverity, Wiz, Snyk, Checkmarx, Prisma Cloud (CSPM & Compute), DigiCert ONE, Falco, OWASP Threat Dragon, Acunetix, Nessus, Metasploit, Burp Suite Pro, Wireshark, Nmap, American Fuzzy Lop
Cloud / DevOps: Azure, Azure DevOps, AKS, ACR, Terraform, Docker, Kubernetes, Power Automate, ServiceNow, Jira
Languages & Systems: C, C++, Python, Bash · RHEL, Ubuntu, Fedora, Kali, Windows