Staff Engineer II, Product Security · BD

Tejas Bharambe

I secure FDA-regulated medical devices across their entire lifecycle — from threat modeling and secure design to embedded Linux hardening, DevSecOps, and FDA premarket submissions.

4+ Years in product security
2 Linux kernel patches merged
4 Open-source security tools

Summary

I build reusable security frameworks and guardrails that scale across product lines — embedded Linux and Windows golden images, Azure baselines, DevSecOps pipeline templates, PKI automation, and SBOM intelligence.

I translate regulatory expectations into engineering, partnering across Regulatory, Quality, Engineering, and Program Management to ship audit-ready products. I work on emerging industry problems including C/C++ SBOM generation via build interception, SBOM lifecycle intelligence, AI-assisted security workflows, and post-quantum cryptography readiness — and I'm an upstream Linux kernel contributor.

Core strengths.

Reusable Security Frameworks

Windows golden images, OpenSTLinux/Yocto hardening baselines, Azure security configuration, DevSecOps pipeline templates, container/code signing, and certificate lifecycle automation that scale across multiple product programs.

Threat Modeling & Secure Design

Owns threat modeling, security requirements, and architecture reviews for embedded, cloud, and Windows-based medical device platforms — authoring security architecture views aligned with FDA expectations and reused across product lines.

Shift Left & Developer Enablement

Centralized SAST/SCA, IaC-validated cloud security, self-service PKI and PIN provisioning, automated post-market vulnerability monitoring, and SBOM enrichment — embedded directly into developer workflows.

Regulatory Translation

Turns FDA premarket cybersecurity guidance, FDA eSTAR, AAMI TIR57, and NIST CSF into concrete engineering deliverables, secure design artifacts, and audit-ready submission packages.

Emerging Problem Solving

C/C++ SBOM generation via build interception, SBOM end-of-life intelligence, automated cloud drift detection, AI-assisted security workflows, and post-quantum cryptography readiness.

Cloud & Container Security

Prisma Cloud CSPM & Compute, Wiz, minimal Alpine container patterns, AKS/ACR, private DigiCert ONE PKI, and Terraform validation-as-code — operationalized well before it was common practice.

Experience.

BD Advanced Patient Monitoring

Oct 2024 — Present

Staff Engineer II, Product Security · Irvine, CA

Promoted to Staff Engineer II in June 2026. Joined BD via its acquisition of Edwards Lifesciences' Critical Care business unit, continuing with the same team.

  • Lead product security across multiple medical device programs — threat modeling, secure design, vulnerability management, V&V, and cybersecurity documentation for FDA premarket submissions in partnership with Regulatory, Quality, and Program Management.
  • Built hardened Windows golden images for AI-algorithm laptop platforms under a compressed FDA AI response timeline (BIOS, firmware, OS, access control, lockdown), turning urgent one-off work into a reusable pattern projected to cut future hardening from months to ~1 week.
  • Centralized Coverity SAST scanning across product teams into a controlled, scalable model and accelerated containerized build adoption across engineering.
  • Built a C/C++ SBOM generator using build-system interception to capture statically linked and manually included dependencies — addressing a known industry gap and guiding vendor toolchain discussions.
  • Developed SBOM end-of-life enrichment with confidence scoring, released as the open-source SBOM Support Analyzer.
  • Built self-service security automation (Microsoft Forms + Power Automate + Azure DevOps) for PKI certificate issuance and rolling PIN provisioning, replacing manual spreadsheets with authenticated, traceable flows.
  • Built a post-market vulnerability monitoring pipeline from Black Duck and Microsoft RSS feeds into Jira, generating remediation tasks routed by ownership.

Edwards Lifesciences

Aug 2021 — Oct 2024

Senior Engineer, Product Security · Irvine, CA

Critical Care business unit divested to BD in October 2024.

  • Owned product security across the full lifecycle of a Yocto-based embedded healthcare monitor — cybersecurity management plan, threat modeling, secure design, implementation, vulnerability management, and FDA premarket submission.
  • Built the OpenSTLinux hardening baseline for the division's first embedded Linux product of its kind; the resulting foundation was reused across subsequent product programs.
  • Established a QMS workflow wiring FDA eSTAR cybersecurity artifacts directly into the Product Development Lifecycle for repeatable compliance.
  • Authored Azure security configuration requirements and built scripts validating Terraform-defined infrastructure against them — drift detection and security-as-code before it was common practice.
  • Drove creation of a dedicated DevOps function: repo structure, secure build-agent strategy, a "build once, validate, promote" model, and reusable pipeline templates integrating SCA/SAST/IaC into IDEs and PR gates.
  • Replaced Ubuntu-based containers with minimal Alpine images, cleaning up ~95% of vulnerability noise and establishing a reusable secure container pattern.
  • Deployed Prisma Cloud CSPM and Compute runtime protection across Azure and on-prem hospital gateways, and architected a private DigiCert ONE environment for SSL, code signing, and container signing.

Esri ArcGIS Enterprise

Oct 2020 — Jul 2021

Security Engineer · Redlands, CA

  • Stood up the threat modeling process for ArcGIS Enterprise and its applications, and designed user-level access controls with the development team.
  • Hardened Docker images on Kubernetes by triaging WhiteSource and Protecode findings, and implemented runtime security monitoring with Falco.
  • Conducted black-box penetration testing of the Kubernetes cluster, pods, and services; triaged Acunetix findings and verified fixes across Windows and Linux patch releases.

Syracuse University

Spring 2019

Graduate Research Assistant · Syracuse, NY

  • Built a Data Consistency Checker that improved verification rate for distributed-systems consistency models (linearizability, eventual, sequential) by ~10%, hardened against result tampering by executing inside an Intel SGX enclave.

Open source & thought leadership.

Skills.

Security Architecture

Embedded Linux (Yocto, OpenSTLinux) · Windows Hardening (STIG, golden images) · Threat Modeling · Secure SDLC · Vulnerability Management · SBOM (CycloneDX, SPDX) · DevSecOps / Shift Left · Cloud Security · PKI & Certificate Lifecycle · Container & Kubernetes Security · Runtime Monitoring · Penetration Testing · Post-Quantum Crypto Readiness

Compliance & Regulatory

FDA Premarket Cybersecurity Guidance · FDA eSTAR · AAMI TIR57 · HIPAA · NIST CSF · DISA STIG

Security Tooling

Black Duck · Coverity · Wiz · Snyk · Checkmarx · Prisma Cloud (CSPM & Compute) · DigiCert ONE · Falco · OWASP Threat Dragon · Acunetix · Nessus · Metasploit · Burp Suite Pro · Wireshark · Nmap · American Fuzzy Lop

Cloud / DevOps

Azure · Azure DevOps · AKS · ACR · Terraform · Docker · Kubernetes · Power Automate · ServiceNow · Jira

Languages & Systems

C · C++ · Python · Bash · RHEL · Ubuntu · Fedora · Kali · Windows

Education.

M.S., Cybersecurity

Syracuse University · Syracuse, NY

Aug 2018 — May 2020

B.E., Computer Engineering

K. J. Somaiya Institute of Engineering & IT · Mumbai, India

Jul 2014 — May 2018

Let's build something secure.

Always happy to talk product security, embedded systems, or FDA cybersecurity.

Irvine, CA · +1 (315) 601-2034