
Principal Med Device Security Engineer

Job in Concord, Merrimack County, New Hampshire, 03306, USA
Listing for: Scorpion Therapeutics
Full Time position
Listed on 2026-06-18
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, Systems Engineer
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

Job Description

Principal Product Security Engineer

Responsibilities
  • Implement J&J’s enterprise Product Security strategy/framework across the Heart Recovery portfolio.
  • Deliver security architecture, cryptographic controls, embedded security protections/controls, and threat-mitigation techniques across the product lifecycle (pre- and post-market).
  • During development: review security requirements, complete quality documentation, perform threat modeling, coordinate third‑party penetration testing, conduct software architecture reviews, and perform code/security testing.
  • Post‑market: monitor vulnerabilities, support patching/remediation, respond to customer security questionnaires, and review security contractual language.
  • Drive framework alignment; define secure boot/firmware integrity/anti‑tamper; enforce crypto for data‑at‑rest/in‑transit (FDA cyber, NIST 800‑175, FIPS 140‑3, IEC 62443).
  • Define key management (PKI/HSM/TPM/secure enclave); enable vulnerability assessment for wireless links; implement Zero Trust (mTLS/continuous auth); oversee secure OTA (signing, rollback, supply‑chain validation).
Required Qualifications
  • 8+ years Information Security; 5+ years embedded/IoT/medical device cybersecurity; Bachelor’s or equivalent.
  • Threat modeling (STRIDE) and risk assessment (CVSS 3.1+); security requirements writing for embedded/web.
  • Third‑party penetration testing/vuln scanning; regulatory submission experience (FDA Cybersecurity Guidance (2025), EU MDR, NIST 800‑53, IMDRF, AAMI TIR 57).
  • Knowledge of OS hardening, cloud security, SBOM generation, SCA via SBOM scans; security architecture views for medical devices.
  • Secure coding reviews/recommendations; HIPAA/GDPR; HITRUST/ISO 27001.
  • Autonomy, leadership, project tracking, strong communication/collaboration.
Preferred Qualifications
  • Security audits; QNX/QoS, Yocto, Linux (Ubuntu/Alpine); global regulatory process familiarity; web/server hardening (AWS/Azure, OWASP Top 10, blue teaming); cybersecurity pre‑sales; software dev; CISSP/CISM; MS/advanced degree.
Benefits (time off)
  • Vacation (120 hrs/yr)
  • Sick time (40 hrs/yr; CO 48; WA 56)
  • Holiday pay incl. floating holidays (13 days/yr)
  • Parental leave (480 hrs in one year)