Lead Product Security Engineer

Job Overview

Johnson & Johnson’s Heart Recovery division is redefining team‑driven success in heart recovery. The Product Security Analyst will join the newly formed Product Security team to ensure security is built into the device from design through post‑market. This role is critical to integrating cybersecurity activities across the entire product lifecycle and supporting compliance certification.

• Partner with engineering and cross‑functional teams (cloud, console, pump, etc.) to drive adherence to the product security program.
• Deliver documentation for pre‑market development activities including security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.
• Define and implement key‑management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
• Monitor and drive post‑market vulnerability management activities with strict adherence to timelines.
• Support compliance certification activities such as SOC2, FedRAMP, ISO 27001, etc.
• Identify, research, evaluate, and integrate new compliance requirements and industry standards/trends into the product security program.
• Guide teams to balance business needs with security objectives and make informed decisions across organizational boundaries.
• Perform other related duties and responsibilities as assigned.

• Bachelor’s degree in Computer Science, Information Systems, or a related field.
• 4+ years of industry experience in Information Security.
• Working knowledge of regulatory standards and compliance frameworks such as NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, and GDPR.
• Experience with security risk management techniques and tactics.
• Experience working in a regulated environment (FDA‑regulated preferred).
• Demonstrated organizational skills, attention to detail, and ability to manage multiple assignments simultaneously.
• Strong communication and interpersonal skills.
• Commitment to working with a sense of urgency and embracing new challenges.

Travel: up to 20%.

Anticipated base pay range: $94,000 – $151,800.

• Medical, dental, vision, life insurance.
• Short- and long-term disability, business accident insurance, and group legal insurance.
• Consolidated retirement plan (pension) and 401(k) savings plan.
• Paid time off: vacation (120 hrs/yr), sick time (40 hrs/yr), holiday pay (13 days/yr), work/family time (up to 40 hrs/yr), parental leave (480 hrs/yr), condolence leave, caregiver leave, volunteer leave, military spouse time‑off.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or any other characteristic protected by federal, state or local law. Johnson & Johnson actively seeks qualified candidates who are protected veterans and individuals with disabilities. The company is committed to providing an inclusive interview process that accommodates applicants’ needs.

If you have a disability and would like to request an accommodation, please contact us via  or ask GS for your accommodation resource.