Role Summary
Lead Product Security Engineer responsible for owning the Product Security process across pre-market and post-market activities for devices within Johnson & Johnson Heart Recovery. You will partner with engineering and cross-functional teams to drive adherence to the product security program and ensure security is built by design. You will support compliance certifications (SOC2, FedRAMP, ISO 27001, HIPAA, GDPR) and guide risk-based decisions across the product development lifecycle. Location: Danvers, MA and Raritan, NJ.
Responsibilities
- Partner with engineering and other cross-functional teams (cloud, console, pump, etc.) to drive successful adherence to J&J Heart Recovery's product security program.
- Deliver documentation for pre-market development activities including security plans, architecture and data flow diagrams, threat models, requirements, SBOM, and risk documentation.
- Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
- Monitor and drive post-market vulnerability management activities, with adherence to strict timelines.
- Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.
- Identify, research, evaluate, and integrate new compliance requirements and industry standards/trends into the product security program.
- Guide teams to make decisions that balance business needs with security objectives.
- Think across organizational boundaries and empathize with customers, both internal and external.
- Perform other related duties and responsibilities, as assigned.
Qualifications
- 4+ years industry experience in Information Security.
- Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO 27001, SOC2, HIPAA, GDPR).
- Experience with security risk management techniques and tactics.
- Experience working in a regulated environment, FDA-regulated preferred.
- Demonstrated organizational skills, attention to detail, and the ability to handle multiple assignments simultaneously in a timely manner and meet assigned deadlines.
- Committed to working with a sense of urgency and embracing new challenges.
- Strong communication and interpersonal skills.
Education
- Bachelor's degree in Computer Science, Information Systems, or related field.
Additional Requirements