
Principal Cloud Security Engineer

Job in Danvers, Essex County, Massachusetts, 01923, USA
Listing for: Scorpion Therapeutics
Part Time position
Listed on 2026-02-16
Job specializations:
  • IT/Tech
    Cybersecurity, Systems Engineer
  • Engineering
    Cybersecurity, Systems Engineer
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly
Job Description & How to Apply Below

Role Summary

The Principal Cloud Security Engineer will implement Johnson & Johnson's enterprise Product Security strategy and framework across the Heart Recovery portfolio of medical devices and supporting platforms. This role will join Abiomed, part of Johnson & Johnson MedTech, to provide technical leadership in securing Impella heart pump technologies, next-generation cardiac support systems, and connected medical devices. It will deliver security architecture, cryptographic controls, embedded protections, and threat mitigation techniques to ensure robust, regulatory-compliant security across the product lifecycle.

The position is based in Danvers, MA or Raritan, NJ with remote or hybrid options and may require up to 20% travel.

Responsibilities
  • Drive alignment of the Cloud security controls and documentation to the J&J Product Security framework.
  • Define and prioritize compliance with the FDA Pre-Market Guidance Appendix 1.
  • Define the security requirements for USA 510k, EU MDR, and Japan PMDA compliance.
  • Support the Product Security strategy and objectives within Heart Recovery.
  • Define and enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with FDA cybersecurity requirements, NIST 800-175, FIPS 140-3, and IEC 62443.
  • Define and implement key management infrastructure (PKI, cloud-based HSMs) for device identity, authentication, and software signing.
  • Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS and continuous authentication models into clinical applications.
  • Oversee secure OTA update mechanisms, ensuring software and firmware rollbacks, code signing, and supply chain integrity validation.
  • Work from the office in Danvers, MA or Raritan, NJ for a minimum of 3 days per week (candidates within commuting distance).
  • Partner with engineering teams (cloud, console) to drive adherence to product security policies, processes, framework and program objectives.
  • Create, update, and improve product security processes for the cloud infrastructure and application.
  • Demonstrate deep understanding of the Azure Cloud platform and implement security services such as Defender, WAF, NSGs, Key Vault, Azure VM Security, AKS security.
  • Act as a subject-matter expert on cybersecurity and provide guidance to engineering and cross-functional teams.
  • Advocate for proactive inclusion of cybersecurity controls across the product life cycle and contribute to strategic road map planning.
  • Deliver pre-market documentation including product security plans, threat models, security requirements, SBOMs, and risk assessments.
  • Drive and monitor post-market vulnerability management with CVE risk assessments and timelines aligned with cross-functional stakeholders.
  • Perform security risk assessments and develop security views for Cloud infrastructure and applications (Global System View, Patchability View, Multi-Patient Harm View, Security Use Case Views).
  • Collaborate with cloud engineering and development teams to integrate security measures into the CI/CD pipeline and DevSecOps processes.
  • Continuously improve Defender Score and support compliance certification activities (SOC2 Type 2, FedRAMP, ISO 27001, 81001-5-1, etc.).
  • Identify, research, evaluate, and integrate new compliance requirements, industry standards, and best practices into product security programs.
  • Maintain relationships with Heart Recovery’s Information Sharing and Analysis Organizations.
  • Guide teams to balance business needs with medical device security objectives and work across organizational boundaries with customers.
  • Perform other related duties as assigned.
Qualifications
  • Required: Bachelor’s degree
  • Required: 5+ years industry experience in Information Security
  • Required: Experience generating threat models without threat modeling tools
  • Required: Experience performing risk assessments utilizing CVSS 3.1 or higher, with STRIDE per element
  • Required: Ability to write technical security requirements for embedded systems and web platforms based on the latest regulations
  • Required: Experience architecting and securing MS Azure with configuring and hardening Azure security services
  • Required: Experience working in a Cloud…