At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

People Leader

All Job Posting Locations:

US160 NJ Raritan - 1003 US Highway 202 N, US345 MA Danvers - 22 Cherry Hill Dr

Job Description:

We are searching for the best talent for Technical Fellow, Product Security in Danvers, MA or Raritan, NJ. Position open to remote work in the US.

Fueled by innovation at the intersection of biology and technology, we’re developing the next generation of smarter, less invasive, more personalized treatments.

Your unique talents will help patients on their journey to wellness. Learn more at https://www.jnj.com/medtech

Purpose: The Fellow will join Abiomed, part of Johnson & Johnson MedTech, to provide technical expertise and strategic leadership in securing Impella heart pump technologies, next-generation cardiac support systems, and connected medical devices. This role is responsible for defining and driving security architecture, cryptographic strategies, embedded system protections/controls, and threat mitigation techniques to ensure robust, regulatory-compliant security across the product lifecycle.

As a recognized product cybersecurity expert, you will influence secure design, architecture, and risk mitigation approaches, engaging with R&D, Cloud Engineering, AI/ML teams, Regulatory Affairs, Quality, and Manufacturing to drive a world-class medical device security program.

You will be responsible for:

Leadership & Industry Influence

• Play a critical role in shaping Abiomed’s cybersecurity strategy and influencing senior leadership to ensure security is a core component of business and technology decisions.

• Articulate the importance of cybersecurity as a business enabler, aligning security investments with Abiomed’s innovation roadmap and patient safety goals.

• Provide cybersecurity briefings to Abiomed heart recovery global management board and senior leadership, emphasizing risk management, regulatory compliance, and industry trends. Translate technical cybersecurity risks into business risks, ensuring leadership understands the financial, operational, and reputational impact of security decisions.

• Advocate for product security funding and resource allocation, ensuring product security is embedded in R&D budgets and technology roadmaps.

• Act as the technical cybersecurity thought leader, engaging with executives, regulatory agencies, and global cybersecurity consortia to shape medical device security best practices.

• Mentor and upskill internal teams, fostering a security-first engineering culture

• Scope: Is responsible for an operating budget of $2M and lead a team of 7 to 10 engineers.

Security Architecture & Cryptography

• Architect end-to-end security solutions for implantable, wearable, and external cardiac assist devices, ensuring protection from cyber threats across embedded, edge, cloud, and mobile ecosystems.

• Define and implement secure boot, firmware integrity validation, and anti-tamper mechanisms to protect Impella firmware against unauthorized modification.

• Enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with NIST 800-175, FIPS 140-3, IEC 62443, and FDA cybersecurity requirements.

• Design key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.

Embedded Security & Secure Development Lifecycle

• Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process.

• Define hardware security architecture, including trust zones, hardware root of trust (HRoT), and secure microcontroller protections

• Implement memory safety strategies to mitigate buffer overflows, side-channel attacks, and execution vulnerabilities in real-time operating systems (RTOS) and bare-metal firmware.

Product Security Framework, Vulnerability Management & Zero Trust

• Use J&J’s ISRM Product Security framework to ensure a structured, risk-based approach to identifying, assessing, mitigating, monitoring and resolving cybersecurity threats across the medical device total product lifecycle

• Utilize MITRE CVSS rubric for medical devices and structured threat modeling methodologies (STRIDE) to assess vulnerabilities, prioritize risks based on clinical impact, and implement proactive security controls

• Develop real-time vulnerability assessment techniques for detecting security flaws in wireless communications (Bluetooth LE, NFC, Wi-Fi, 5G, proprietary RF) used in Abiomed’s devices.

• Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS, OAuth2, and continuous authentication models into clinical applications.

• Oversee secure OTA (over-the-air) update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation.

Regulatory Compliance & Post-Market Security

• Lead regulatory security submissions, ensuring compliance with FDA Cybersecurity Guidance (2023), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57.

• Ensure post-market cybersecurity monitoring and SBOM management strategies, integrating real-time CVE tracking, AI-driven anomaly detection, and automated patch validation.

• Oversee Product Security Incident Response for real-time incident response, forensic analysis, and coordinated vulnerability disclosure

Qualifications & Experience:

• Bachelor’s Computer Science, Electrical Engineering, Cybersecurity, or Embedded Systems or equivalent experience

• 15+ years of working experience

• Expertise in secure microcontroller architectures and hardware security modules (HSMs).

• Understanding of PKI, TLS 1.3, and cryptographic primitives used in medical devices.

• Strong background in threat modeling for cybersecurity, and security analytics in medical devices and digital medical devices ecosystems

• Experience with secure OTA updates, SBOM automation, and FDA cybersecurity premarket/post market processes.

• Security certifications such as CISSP, CSSLP, OSCP, CEH, or GIAC GICSP are highly preferred.

This is a remote role available in all states within the US . While specific cities are listed in the Locations section for reference, please note that they are examples only and do not limit your application. We invite candidates from any location across the country to apply.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson and Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please email the Employee Health Support Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be directed to your accommodation resource.

#LI-Remote

The anticipated base pay range for this position is :

Additional Description for Pay Transparency:

The anticipated base pay range for this position is $146,000 to $251,850. Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis. Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). This position is eligible to participate in the Company’s long-term incentive program. Employees are eligible for the following time off benefits: Vacation – up to 120 hours per calendar year Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year Additional information can be found through the link below. https://www.careers.jnj.com/employee-benefits