Lead Product Security Engineer

Johnson & Johnson
Remote friendly (Danvers, MA)
United States
$94,000 - $151,800 USD yearly
IT

Role Summary

Lead Product Security Engineer responsible for owning and driving the product security program across the full product development lifecycle for J&J Heart Recovery devices. You will partner with engineering and cross-functional teams to ensure security-by-design and regulatory compliance, influence development initiatives, and help shape future product development and industry standards. You will work in a Patient First culture to directly impact patient lives.

Responsibilities

  • Partner with engineering and other cross-functional teams (cloud, console, pump, etc.) to drive successful adherence to J&J Heart Recovery's product security program.
  • Deliver documentation for pre-market development activities including security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.
  • Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
  • Monitor and drive post-market vulnerability management activities, with adherence to strict timelines.
  • Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.
  • Identify, research, evaluate, and integrate new compliance requirements and industry standards/trends into the product security program.
  • Guide teams to make decisions that balance business needs with security objectives.
  • Think across organizational boundaries and empathize with customers, both internal and external.
  • Perform other related duties and responsibilities, as assigned.

Qualifications

  • Required: 4+ years of industry experience in Information Security.
  • Required: Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
  • Required: Experience with security risk management techniques and tactics.
  • Preferred: FDA-regulated environment experience.
  • Required: Demonstrated organizational skills, attention to detail, the ability to handle multiple assignments simultaneously in a timely manner, and ability to meet deadlines.
  • Required: Committed to working with a sense of urgency and embracing new challenges.
  • Required: Strong communication and interpersonal skills.

Education

  • Bachelor’s degree in Computer Science, Information Systems, or related field.

Additional Requirements

  • Up to 20% travel.