Principal Product Security Engineer
Not Disclosed•Full-TimeHybrid
location_onHybrid
About Johnson & Johnson
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.
About the Role
We are searching for a Principal Product Security Engineer to join the newly formed Product Security team within our Abiomed division. This role is designed for a passionate security professional interested in a collaborative, "Patient First!" culture. You will help ensure security is implemented by design for a top-performing medical device company, impacting development initiatives that will shape future product development and industry standards.
In this position, you will own the Product Security process, covering both pre-market and post-market phases that engineering teams leverage throughout the product development lifecycle. You will act as a Subject Matter Expert (SME) on cybersecurity matters, guiding teams to make decisions that balance business needs with medical device security objectives. Your work will directly influence how security risk and compliance skills are applied to make a difference in patient lives.
Location and Work Model
This role is based in Danvers, MA, or Raritan, NJ. Candidates located within commutable distance to the site are expected to be in the office for a minimum of three days per week. Remote work options may be considered on a case-by-case basis if approved by the Company.
Hiring Process
Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants' needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center at ra-employeehealthsup@its.jnj.com or contact AskGS to be directed to your accommodation resource.
Equal Opportunity
Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status, or other characteristics protected by federal, state, or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.
Work location
Work model: Hybrid
Hybrid
Key Responsibilities
- check_circlePartner with engineering teams to drive adherence to product security policies and program objectives
- check_circleCreate, update, and improve product security processes throughout the development lifecycle
- check_circleDrive and monitor post-market vulnerability management activities within strict timelines
- check_circleSupport compliance certification activities such as SOC2, FedRAMP, and ISO 27001
- check_circleIdentify and integrate new compliance requirements and industry standards into security programs
- check_circleGuide teams to balance business needs with medical device security objectives
- check_circleDeliver pre-market documentation including security plans, threat models, and risk management artifacts
- check_circleAct as a subject matter expert to provide security guidance to development teams
Requirements
- verifiedBachelor's degree
- verified5+ years industry experience in Information Security
- verifiedWorking knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR)
- verifiedExperience with security risk management techniques
Nice to Have
Experience working in a regulated environment, specifically FDA-regulated.
Benefits & Perks
check_circleMedical, dental, vision, life, short- and long-term disability, business accident, and group legal insurancecheck_circleConsolidated retirement plan (pension) and 401(k) savings plancheck_circleVacation time up to 120 hours per calendar yearcheck_circleSick time up to 40 hours per calendar year (56 hours for Washington residents)check_circleHoliday pay including up to 13 floating holidays per calendar yearcheck_circlePersonal and Family Time up to 40 hours per calendar yearcheck_circleAnnual performance-based cash bonus program
Similar Job Opportunities
Skills, education and keywords
Skills: Nist Cybersecurity Framework, Iso27001, Soc2, Hipaa, GDPR, Fedramp, Iso 27001, Security Risk Management, Threat Models, Sbom.
Education: Bachelor's degree required.
Frequently asked questions about Principal Product Security Engineer at Johnson & Johnson
What does a Principal Product Security Engineer at Johnson & Johnson do?expand_more
In this Principal Product Security Engineer at Johnson & Johnson role, you will partner with engineering teams to drive adherence to product security policies and program objectives; create, update, and improve product security processes throughout the development lifecycle; drive and monitor post-market vulnerability management activities within strict timelines; and support compliance certification activities such as soc2, fedramp, and iso 27001.
What are the requirements for this Principal Product Security Engineer role?expand_more
To qualify for the Principal Product Security Engineer at Johnson & Johnson position, applicants should have: Bachelor's degree; 5+ years industry experience in Information Security; Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR); and Experience with security risk management techniques.
Where is the Principal Product Security Engineer role at Johnson & Johnson located?expand_more
Principal Product Security Engineer at Johnson & Johnson is based in Hybrid. This is a hybrid role.
Is this Principal Product Security Engineer job remote, hybrid, or on-site?expand_more
Johnson & Johnson has listed this Principal Product Security Engineer role as hybrid.
How much experience is required for this Principal Product Security Engineer role?expand_more
Principal Product Security Engineer at Johnson & Johnson typically requires 5+ years of relevant experience at the lead level.
What skills do you need for the Principal Product Security Engineer role at Johnson & Johnson?expand_more
Key skills for Principal Product Security Engineer at Johnson & Johnson include Nist Cybersecurity Framework; Iso27001; Soc2; Hipaa; GDPR; Fedramp; Iso 27001; and Security Risk Management.
What education is required for Principal Product Security Engineer at Johnson & Johnson?expand_more
Educational requirements for this role: Bachelor's degree required.
What category does the Principal Product Security Engineer role belong to?expand_more
Principal Product Security Engineer at Johnson & Johnson is part of the IT job category on Recrutus.
About Johnson & Johnson
JNJ Online Auction Service of Fremont LLC specializes in facilitating the acquisition and disposition of medical equipment and assets for healthcare providers. Based in New Brunswick, NJ, the service supports hospitals, clinics, and health systems by offering a streamlined platform for auctioning surplus, used, or obsolete equipment. This solution helps institutions optimize resource management while ensuring cost-effective access to essential medical tools. Operating within the Hospitals and Health Care industry, the service aligns with its parent company’s commitment to advancing healthcare innovation through practical, scalable support systems. By connecting buyers and sellers in the healthcare sector, JNJ Online Auction Service of Fremont LLC contributes to improving operational efficiency and sustainability in medical facilities. The company’s approach reflects a focus on reliability, transparency, and meeting the evolving needs of healthcare professionals.
Browse more roles: All Johnson & Johnson jobs, IT jobs on Recrutus.