More jobs:
Principal Med Device Security Engineer
Job in
Garden City, Horry County, South Carolina, 29756, USA
Listed on 2026-07-09
Listing for:
Scorpion Therapeutics
Full Time
position Listed on 2026-07-09
Job specializations:
-
IT/Tech
Cybersecurity, Information Security
Job Description & How to Apply Below
Responsibilities
- Implement J&J enterprise Product Security strategy/framework across the Heart Recovery medical device portfolio (pre- and post-market).
- Deliver security architecture, cryptographic controls, embedded protections/controls, and threat mitigation across product lifecycle.
- Support product development phases: review security requirements, recommend designs, complete quality documentation, perform threat modeling, coordinate third‑party penetration testing, and conduct code/software architecture security reviews.
- Post‑market: monitor vulnerabilities, support patching/remediation, respond to security questionnaires, and review security language in contractual agreements.
- Drive Product Security framework alignment; define secure boot, firmware integrity validation, anti‑tamper.
- Enforce crypto for data‑at‑rest/in‑transit (FDA cybersecurity guidance, NIST 800‑175, FIPS 140‑3, IEC 62443); define key management (PKI/HSMs/TPM/secure enclave).
- Develop real‑time vulnerability assessment for wireless (BLE, NFC, Wi‑Fi, 5G, proprietary RF); implement Zero Trust (mTLS, continuous authentication).
- Oversee secure OTA updates (rollback protection, code signing, supply‑chain integrity).
- Lead SDL: threat modeling, static/dynamic analysis, fuzz testing, formal verification; define hardware security architecture (trust zones, HRoT, secure microcontroller); implement memory‑safety mitigations.
- 8+ years information security; 5+ years embedded/IoT/medical device cybersecurity;
Bachelor’s degree/equivalent. - Threat modeling without tools; risk assessments using CVSS 3.1+ with STRIDE.
- Security requirements for embedded/web; third‑party penetration testing/vuln scanning.
- Regulatory submission experience (FDA cybersecurity guidance 2025, EU MDR, NIST 800‑53, IMDRF, AAMI TIR
57). - RTOS hardening; cloud security principles; generate SBOMs; pre‑/post‑market risk assessments.
- Security architecture views (system boundaries, data flows, external interactions); translate requirements to solutions; secure coding reviews.
- Data privacy (HIPAA, GDPR); HITRUST/ISO 27001 knowledge; autonomy/leadership; communication/collaboration.
- Formal security audit experience; QNX/QoS, Yocto, Linux (Ubuntu/Alpine); global regulatory submission familiarity.
- Web/app + server hardening (AWS/Azure), OWASP Top 10, blue teaming; pre‑sales; software development; CISSP/CISM; MS/advanced degree.
Vacation 120h/yr; sick time 40h/yr (48h CO, 56h WA); holidays including floating 13 days/yr; work/personal/family up to 40h/yr; parental leave 480h/within 1 year; bereavement 240h immediate/40h extended; caregiver leave 80h/52-week period; volunteer leave 32h/yr; military spouse time‑off 80h/yr.
#J-18808-LjbffrTo View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
Search for further Jobs Here:
×