×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Systems Engineer

Sr. Manager Medical Devices Product Security

Job in Danvers, Essex County, Massachusetts, 01923, USA
Listing for: Scorpion Therapeutics
Full Time position
Listed on 2026-02-01
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 120000 - 160000 USD Yearly USD 120000.00 160000.00 YEAR
Job Description & How to Apply Below

Role Summary

Sr. Manager Medical Devices Product Security will own the Product Security process across the Heart Recovery devices, guiding security by design throughout development and post‑market activities. Based in Danvers, MA or Raritan, NJ, with remote or hybrid options and up to 10% travel. Lead implementation of J&J’s enterprise Product Security strategy for the Heart Recovery portfolio and provide technical leadership for secure device architectures, cryptographic controls, embedded protections, and threat mitigation across the product lifecycle.

Responsibilities
  • Drive alignment to J&J Product Security’s overarching framework.
  • Support the Product Security strategy and objectives within Heart Recovery.
  • Define and implement secure boot, firmware integrity validation, and anti‑tamper mechanisms to protect Heart Recovery device firmware against unauthorized modification.
  • Define and enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with FDA cybersecurity requirements, NIST 800‑175, FIPS 140‑3, and IEC 62443.
  • Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
  • Develop real‑time vulnerability assessment techniques for detecting security flaws in wireless communications used in Heart Recovery medical devices.
  • Implement Zero Trust security for device‑to‑cloud connectivity, integrating mTLS and continuous authentication models into clinical applications.
  • Oversee secure OTA update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation.
Qualifications
  • Required:

    10+ years in Information Security.
  • Required:

    5+ years in embedded systems, IoT, or medical device cybersecurity.
  • Required:

    Bachelor’s degree or equivalent.
  • Required:

    Expertise generating threat models without the use of threat modeling tools.
  • Required:

    Expertise performing risk assessments using CVSS 3.1+ with STRIDE per element.
  • Required:

    Experience writing technical security requirements for embedded systems and web platforms based on regulations.
  • Required:

    Coordination and execution of third‑party penetration testing, vulnerability scanning, CVSS or other security testing principles.
  • Required:

    Experience supporting regulatory security submissions and generating Cybersecurity QMS documentation (FDA Cybersecurity Guidance, EU MDR, NIST 800‑53, IMDRF, AAMI TIR
    57).
  • Required:

    Experience with RTOS hardening and pruning, and generating SBOMs with software composition analysis.
  • Required:

    Experience with cloud security and securely connecting embedded medical devices to the cloud.
  • Required:

    Experience generating SBOMs from source code, binaries, firmware, and OS.
  • Required:

    Experience with pre‑market and post‑market risk assessments using STRIDE and SBOM/SCAs.
  • Required:

    Ability to translate technical security requirements into solutions and provide secure coding recommendations.
  • Required:

    Data privacy experience (HIPAA, GDPR) and knowledge of HITRUST, ISO 27001, IEC 81001‑5‑1.
  • Required:

    Ability to work autonomously, lead large projects, and manage security perspectives across timelines.
  • Required:

    Strong communication, collaboration, and leadership skills.
  • Preferred:
    Experience leading/formal security audits; OS experience (QNX QOS, Yocto, Linux Ubuntu); familiarity with FDA/global regulatory cybersecurity guidance and submission process; web app/server hardening (AWS/Azure) and OWASP Top 10; cybersecurity pre‑sales; software development experience; CISSP/CISM or other security certification; MS or advanced degree.
Skills
  • Security architecture design and threat modeling
  • Secure development lifecycle and hardware security concepts (HRoT, trust zones)
  • Memory safety, RTOS security, and code analysis
  • Zero Trust, mTLS, and device‑to‑cloud security patterns
  • Cryptographic protocols, key management, and secure boot mechanisms
  • SBOM creation, software composition analysis, and patch management
  • Regulatory cybersecurity knowledge (FDA, NIST, IMDRF, EU MDR)
  • Communication, leadership, and cross‑functional collaboration
Education
  • Bachelor’s degree or equivalent
Additional Requirements
  • Travel up to 10% may be required
  • Location:

    Danvers, MA or Raritan, NJ; remote/hybrid acceptable
#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)

Job Posting Language
Employment Category
Education (minimum level)
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search