Lead Product Security Engineer

Johnson & Johnson
June 26, 2026
Remote friendly (Raritan, NJ)
United States
IT
Product Security Analyst (J&J Heart Recovery)

Responsibilities:
- Partner with engineering and cross-functional teams (cloud, console, pump, etc.) to drive adherence to the product security program.
- Create pre-market security documentation: security plans, architecture/data flow diagrams, threat models, requirements, SBOM, and risk documentation.
- Define and implement key management infrastructure (PKI, HSMs, TPMs, secure enclave integration) for device identity, authentication, and software signing.
- Monitor and manage post-market vulnerability management with strict timelines.
- Support compliance certification activities (e.g., SOC2, FedRAMP, ISO 27001).
- Identify and integrate new compliance requirements and industry standards/trends into the product security program.
- Help teams balance business needs with security objectives.
- Perform other related duties as assigned.

Qualifications:
- Bachelor’s degree in Computer Science, Information Systems, or related field.
- 4+ years of Information Security experience.
- Working knowledge of regulatory standards/compliance frameworks (e.g., NIST CSF, ISO 27001, SOC2, HIPAA, GDPR).
- Security risk management experience.
- Regulated environment experience; FDA-regulated preferred.
- Strong organization, attention to detail, ability to meet deadlines; strong communication/interpersonal skills.

Other:
- Up to 20% travel.

Benefits (as stated): medical, dental, vision, life insurance, short- and long-term disability, retirement plans (pension/401(k)), and time off (e.g., vacation, sick time, holidays, parental leave).