×
Register Here to Apply for Jobs or Post Jobs. X

Principal Med Device Security Engineer

Job in Garden City, Horry County, South Carolina, 29756, USA
Listing for: Scorpion Therapeutics
Full Time position
Listed on 2026-07-09
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 100000 - 130000 USD Yearly USD 100000.00 130000.00 YEAR
Job Description & How to Apply Below
Location: Garden City

Responsibilities

  • Implement J&J enterprise Product Security strategy/framework across the Heart Recovery medical device portfolio (pre- and post-market).
  • Deliver security architecture, cryptographic controls, embedded protections/controls, and threat mitigation across product lifecycle.
  • Support product development phases: review security requirements, recommend designs, complete quality documentation, perform threat modeling, coordinate third‑party penetration testing, and conduct code/software architecture security reviews.
  • Post‑market: monitor vulnerabilities, support patching/remediation, respond to security questionnaires, and review security language in contractual agreements.
  • Drive Product Security framework alignment; define secure boot, firmware integrity validation, anti‑tamper.
  • Enforce crypto for data‑at‑rest/in‑transit (FDA cybersecurity guidance, NIST 800‑175, FIPS 140‑3, IEC 62443); define key management (PKI/HSMs/TPM/secure enclave).
  • Develop real‑time vulnerability assessment for wireless (BLE, NFC, Wi‑Fi, 5G, proprietary RF); implement Zero Trust (mTLS, continuous authentication).
  • Oversee secure OTA updates (rollback protection, code signing, supply‑chain integrity).
  • Lead SDL: threat modeling, static/dynamic analysis, fuzz testing, formal verification; define hardware security architecture (trust zones, HRoT, secure microcontroller); implement memory‑safety mitigations.
Required Qualifications
  • 8+ years information security; 5+ years embedded/IoT/medical device cybersecurity;
    Bachelor’s degree/equivalent.
  • Threat modeling without tools; risk assessments using CVSS 3.1+ with STRIDE.
  • Security requirements for embedded/web; third‑party penetration testing/vuln scanning.
  • Regulatory submission experience (FDA cybersecurity guidance 2025, EU MDR, NIST 800‑53, IMDRF, AAMI TIR
    57).
  • RTOS hardening; cloud security principles; generate SBOMs; pre‑/post‑market risk assessments.
  • Security architecture views (system boundaries, data flows, external interactions); translate requirements to solutions; secure coding reviews.
  • Data privacy (HIPAA, GDPR); HITRUST/ISO 27001 knowledge; autonomy/leadership; communication/collaboration.
Preferred Qualifications
  • Formal security audit experience; QNX/QoS, Yocto, Linux (Ubuntu/Alpine); global regulatory submission familiarity.
  • Web/app + server hardening (AWS/Azure), OWASP Top 10, blue teaming; pre‑sales; software development; CISSP/CISM; MS/advanced degree.
Benefits

Vacation 120h/yr; sick time 40h/yr (48h CO, 56h WA); holidays including floating 13 days/yr; work/personal/family up to 40h/yr; parental leave 480h/within 1 year; bereavement 240h immediate/40h extended; caregiver leave 80h/52-week period; volunteer leave 32h/yr; military spouse time‑off 80h/yr.

#J-18808-Ljbffr
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary