
Senior Product Security Engineer

Job in Danvers, Essex County, Massachusetts, 01923, USA
Listing for: Johnson & Johnson
Full Time position
Listed on 2026-01-04
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
  • Engineering
    Cybersecurity, Systems Engineer
Job Description & How to Apply Below

Principal Product Security Engineer

Johnson & Johnson – Med Tech Cybersecurity Team

Job Description

Johnson & Johnson’s Med Tech cybersecurity team is recruiting an experienced Principal Product Security Engineer to be based in Danvers, MA or Raritan, NJ. This role can also be remote or hybrid and will require up to 10% travel.

In this role you will own the product security process for J&J’s Heart Recovery portfolio of medical devices and supporting platforms, from pre‑market design through post‑market operations. You will deliver security architecture, cryptographic controls, embedded system protections, and threat mitigation techniques, and ensure regulatory compliance across the product lifecycle.

Responsibilities
  • Drive alignment with J&J Product Security’s overarching framework and strategy for Heart Recovery.
  • Define and implement secure boot, firmware integrity validation, and anti‑tamper mechanisms for device firmware.
  • Enforce cryptographic protocols for data‑at‑rest and data‑in‑transit, ensuring compliance with FDA cybersecurity requirements, NIST standards, and IEC 62443.
  • Define and implement key‑management infrastructure (PKI, HSMs, TPMs, secure enclave) for device identity, authentication, and software signing.
  • Develop real‑time vulnerability assessment techniques for wireless communications (Bluetooth LE, NFC, Wi‑Fi, 5G, proprietary RF).
  • Implement Zero Trust security for device‑to‑cloud connectivity, integrating mTLS and continuous authentication models.
  • Oversee secure OTA update mechanisms, ensuring firmware rollbacks, code signing, and supply‑chain integrity validation.
  • Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification.
  • Work with R&D Engineering to define hardware security architecture, including trust zones and hardware root of trust.
  • Implement memory safety strategies to mitigate buffer overflows, side‑channel attacks, and execution vulnerabilities.
  • Respond to customer cybersecurity questionnaires and contractual language for post‑market devices.
  • Coordinate third‑party penetration testing, software architecture review, code analysis, and other security testing activities.
  • Monitor for new vulnerabilities and assist with patching and remediation plans for marketed devices.
Qualifications – Required
  • 5+ years industry experience in Information Security; 3+ years in embedded system, IoT, or medical device cybersecurity.
  • Bachelor’s degree or equivalent.
  • Experience generating threat models without the use of threat‑modeling tools.
  • Experience performing risk assessments using CVSS 3.1+ and STRIDE per element.
  • Ability to write technical security requirements for embedded systems and web platforms based on the latest regulations.
  • Knowledge of third‑party penetration testing, vulnerability scanning, CVSS, and other general security testing principles.
  • Experience supporting regulatory security submissions (FDA Cybersecurity Guidance 2025, EU MDR, NIST 800‑53, IMDRF, AAMI TIR 57).
  • Knowledge of real‑time operating systems hardening, cloud security principles, and SBOM generation.
  • Ability to generate pre‑market risk assessments, post‑market SCA SBOM scans, and security architecture views for medical devices.
  • Strong secure‑coding and review skills, familiarity with HIPAA & GDPR, and industry certifications such as HITRUST & ISO 27001.
  • Proven ability to lead large projects and deliver results on schedule; excellent communication, collaboration, and customer focus.
  • Creative problem‑solving skills and a proactive, autonomous work style.
Preferred Skills
  • Experience leading or participating in formal security audits.
  • Familiarity with FDA and other global regulatory cybersecurity guidance and submission processes.
  • Experience with web applications and server hardening (AWS, Azure) and knowledge of OWASP Top 10 and blue‑team techniques.
  • Experience in cybersecurity pre‑sales, software development, and advanced degrees (MS or higher).
  • Certifications such as CISSP, CISM, or other security credentials.
Job Information

Seniority level: Not Applicable

Employment type: Full‑time

Locations: Danvers, Massachusetts; Raritan, New Jersey (remote/hybrid options); up to…

Position Requirements
10+ Years work experience