Johnson & Johnson
Principal Product Security Engineer
Johnson & Johnson, Danvers, Massachusetts, US, 01923
Johnson & Johnson is recruiting for a Principal Product Security Engineer to be located in Danvers, MA. Remote work options may be considered on a case-by-case basis and if approved by the Company.
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.
For more than 130 years, diversity, equity & inclusion (DEI) has been a part of our cultural fabric at Johnson & Johnson. Our diverse workforce and culture of belonging accelerate innovation to solve the world’s most pressing healthcare challenges.
Are you passionate about security and interested in joining a community of collaborative colleagues working in a Patient First! culture? If that’s you, we have an immediate opportunity for a Product Security Analyst to join the newly formed Product Security team to help ensure security is implemented by design for this top-performing medical device company. This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards.
Primary Duties and Responsibilities:
Being at the office in Danvers, MA for a minimum of 3 days per week (for candidates within commutable distance to site).
Partner with engineering teams (cloud, console, pump, etc.) to drive successful adherence to Abiomed’s product security policies, processes, and program objectives.
Create, update, and improve product security processes.
Act as a SME on cyber security matters and provide guidance to development teams.
Advocate for proactive inclusion of cyber security input into all phases of the product life cycle.
Deliver documentation for pre-market product development activities including security plans, architecture diagrams, data flow diagrams, threat models, security requirements, Design for Security, SBOM, and risk management documentation.
Drive and monitor post-market vulnerability management activities, with adherence to strict timelines.
Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.
Identify, research, evaluate, and integrate new compliance requirements, industry standards, and best practices into the product security programs.
Maintain relationships with Abiomed’s Information Sharing and Analysis Organizations.
Guide teams to make decisions that balance business needs with medical device security objectives.
Work across organizational boundaries and exhibit empathy with customers, both internal and external.
Perform other related duties and responsibilities, as assigned.
Qualifications
Required:
Bachelor’s degree.
5+ years industry experience in Information Security.
Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR).
Experience with security risk management techniques.
Demonstrated organizational skills, attention to detail, and ability to handle multiple assignments simultaneously.
Strong communication and interpersonal skills.
Preferred:
Experience working in a regulated environment, FDA-regulated.
The anticipated base pay range for this position is $99,000-$170,200.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com.