Principal Product Security Engineer

Location: Remote (U.S.‑based; West Coast preferred)
Reporting to: Director of Product Security

We are seeking a seasoned Principal Product Security Engineer to support a critical medical device program within the J&J Monarch platform. This role will serve as a senior‑level advisor and hands‑on contributor, to address program delays, close cybersecurity gaps, and drive regulatory‑ready deliverables.

This individual must be able to hit the ground running, operate independently, and bring deep experience across medtech cybersecurity, product security risk management, and FDA‑facing documentation. The role will work across one major product line, ensuring alignment and consistency in security deliverables.

This engagement is expected to run through end of Q3 or end of Q4.

• Serve as a senior advisor and execution lead for product cybersecurity activities across medical device programs
• Lead and refresh product security threat models and risk assessments
• Own product security risk assessments and vulnerability assessments, including remediation tracking
• Manage and re‑launch penetration testing initiatives, including:
  • Reviewing pen test results
  • Driving remediation efforts
  • Re‑initiating testing once findings are addressed
• Perform hands‑on security testing on physical medical devices and embedded systems, not solely simulations or documentation‑based assessments
• Develop, maintain, and deliver FDA‑facing cybersecurity documentation, including:
  • Cybersecurity metrics submissions
  • Product Security Reports
  • MDS² (MDS Square) documentation
  • Cybersecurity whitepapers
• Conduct consistency checks between two product lines, ensuring standardized deliverables and alignment
• Apply CVSS methodology for vulnerability scoring and align assessments with internal and regulatory expectations
• Work closely with cross‑functional partners in R&D software, regulatory, quality, and cybersecurity teams
• Operate hands‑on within QMS systems, ensuring compliance and audit‑ready documentation
  
  

• 5-6 years of experience in product security, cybersecurity, or related roles within medical device / medtech environments
• Proven experience supporting FDA cybersecurity documentation and regulatory submissions
• Strong background in:
  • Product security risk assessments
  • Threat modeling
  • Vulnerability management
  • Penetration testing lifecycle management
• Demonstrated experience conducting hands‑on product security testing on physical devices
• Hands‑on experience working within QMS systems
• Working knowledge of CVSS vulnerability scoring methodology
• Ability to operate independently as a senior, lead, or principal‑level contributor
• Comfortable working in fast‑moving environments with limited direction; no hand‑holding required
  
  

• Experience performing or supporting DFMEA activities, particularly integrating cybersecurity risks into DFMEA documentation
• Experience supporting multiple product lines simultaneously
• Prior consulting or advisory experience
• Strong ability to translate technical cybersecurity findings into regulatory‑ready documentation
• Experience aligning cybersecurity deliverables across teams for consistency and audit readiness
  

EOE Statement: Specialist Staffing Group is an equal opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or veteran status.

To find out more about Real, please visit www.realstaffing.com