Cybersecurity Software Engineer – AI Safety
Location: United States
Posted: 2 days ago
Salary: $60 - $90 / hour
Seniority: Senior
Job Description
Cybersecurity Software Engineer – AI Safety
Weekday
- Write expert-level prompts across specialized cybersecurity topics.
- Evaluate and annotate model responses for technical accuracy, helpfulness, and appropriate handling of sensitive content.
- Apply structured guidelines to classify prompts and conversations.
Job Requirements
- A BS or MS in Computer Science or a closely related field, or
- 5+ years of professional software engineering experience at a reputable tech company or startup.
- Strong understanding of cybersecurity concepts and modern software systems.
- Strong technical reasoning and writing in English.
- Sound judgment around security and the responsible handling of dual‑use information.
- Nice to have:
  - Background in offensive security, penetration testing, vulnerability research, or related areas.
  - Experience reviewing, grading, or red-teaming technical content.
More Security Engineer Jobs
Security Enterprise Architect – Identity, PAM, Zero Trust
Kyndryl
We design, build, manage and modernize the mission-critical technology systems that the world depends on every day.
- Create, maintain, and deepen trusted relationships with senior client stakeholders
- Act as a senior advisor to clients on IAM, PAM, and Zero Trust strategy
- Support contract execution and operational excellence for led accounts
- Drive profitable growth through consult led identity and Zero Trust engagements
- Provide deep expertise in Identity and Access Management, Privileged Access Management, and Zero Trust architectures
- Lead client discussions on identity strategy, target state architecture, roadmaps, and business aligned outcomes
- Ensure account compliance and act with integrity across all client engagements
- Support the development of technical and consulting talent across Kyndryl
Title: Communications and Security Engineer
Location: Fortitude Valley Australia
Employees work in a hybrid mode
Full-time
State/Province: Queensland
Business Group: DCS
Legal Entity: AECOM Australia Pty Ltd
Business Line: B&P - Buildings & Places
Work Location Model: Hybrid
Operating Group: International

Job Description:

Work with Us. Change the World. At AECOM, we're delivering a better world. Whether improving your commute, keeping the lights on, providing access to clean water, or transforming skylines, our work helps people and communities thrive. We are the world's trusted infrastructure consulting firm, partnering with clients to solve the world's most complex challenges and build legacies for future generations.

There has never been a better time to be at AECOM. With accelerating infrastructure investment worldwide, our services are in great demand. We invite you to bring your bold ideas and big dreams and become part of a global team of over 50,000 planners, designers, engineers, scientists, digital innovators, program and construction managers and other professionals delivering projects that create a positive and tangible impact around the world. We're one global team driven by our common purpose to deliver a better world. Join us.

AECOM's ICT & Security practice is growing, and we're looking for experienced consultants to take on complex, high-stakes work across Defence and Federal Government. The roles sit at the Senior to Principal level, meaning you'll lead design deliverables, represent your discipline in client meetings, and contribute to the technical quality of the team, not just execute tasks. The work spans physical security systems, passive (Layer 0 - Passive Infrastructure / Civil Infrastructure, OSP, external and internal cable containment, Layer 1 - structured cabling, fibre etc.) and active ICT infrastructure, and communications design, predominantly in environments governed by PSPF, ISM, and DSPF.
If you've spent your career in built-environment advising, consulting, and guiding, and understand the difference between designing a system and deploying one, this role is for you.

Lead the development of communications and security designs for Defence and Federal Government clients, from concept through to detailed and construction documentation. Apply your working knowledge of AS/NZS 11801, AS/CA S009, DCCS, and DCRS to deliver compliant, buildable designs. Hold workshops and client design meetings, providing clear technical advice and managing stakeholder expectations. Mentor junior and intermediate staff and contribute to quality reviews across the broader practice.

What we're looking for: You'll hold a tertiary qualification in electrical engineering, communications, or mechatronics, and have hands-on experience delivering integrated ICT infrastructure, structured cabling, OSP, and physical security systems in complex built environment projects. You'll hold an AGSVA Baseline Security Clearance with a clear pathway to NV1. Candidates working towards RPEQ, SCEC registration, or RCDD/AVIXA accreditation will stand out, as will those with exposure to Systems Safety and WHS planning in regulated environments. Three to five years in a Defence environment is desirable, but the quality of your design experience matters more than the number of years.

We're one of the few firms in Australia with the scale, sector relationships, and technical depth to deliver at the intersection of ICT, security, and major infrastructure. You'll work on projects that matter, with a team that takes quality seriously, in a practice actively investing in its people and capability.

At AECOM, we are committed to maintaining a secure and trustworthy recruitment process and take any fraudulent hiring activity seriously. To support this commitment, all newly hired employees are required to attend an in-person Day 1 onboarding at an AECOM office location as a condition of employment.
AECOM acknowledges the Traditional Owners and Custodians of the lands on which we, our clients and our communities live and work around Australia. We pay our respects to their cultures and to their Elders - past, present, and emerging. We are committed to connecting to Country in our work through meaningful engagement with First Nations peoples and businesses. Find out more about our Australian Reconciliation Action Plan here: https://aecom.com/au/our-vision-for-reconciliation/.

About AECOM
AECOM is the world's trusted infrastructure consulting firm, delivering professional services throughout the project lifecycle - from advisory, planning, design and engineering to program and construction management. On projects spanning transportation, buildings, water, new energy and the environment, our public- and private-sector clients trust us to solve their most complex challenges. Our teams are driven by a common purpose to deliver a better world through our unrivaled technical and digital expertise, a culture of equity, diversity and inclusion, and a commitment to environmental, social and governance priorities. AECOM is a Fortune 500 firm and its Professional Services business had revenue of $16.1 billion in fiscal year 2025. See how we are delivering sustainable legacies for generations to come at aecom.com and @AECOM.

Freedom to Grow in a World of Opportunity
You will have the flexibility you need to do your best work with hybrid work options. Whether you're working from an AECOM office, remote location or at a client site, you will be working in a dynamic environment where your integrity, entrepreneurial spirit and pioneering mindset are championed. You will help us foster a culture of equity, diversity and inclusion - a safe and respectful workplace, where we invite everyone to bring their whole selves to work using their unique talents, backgrounds and expertise to create transformational outcomes for our clients.
AECOM provides a wide array of compensation and benefits programs to meet the diverse needs of our employees and their families. We also provide a robust global well-being program. We're the world's trusted global infrastructure firm, and we're in this together - your growth and success are ours too. Join us, and you'll get all the benefits of being a part of a global, publicly traded firm - access to industry-leading technology and thinking and transformational work with big impact and work flexibility. As an Equal Opportunity Employer, we believe in each person's potential, and we'll help you reach yours.
Principal Med Device Security Engineer
Johnson & Johnson
Johnson & Johnson is an award-winning, family-owned-and-operated company that has been providing health and wellness products for more than 120 years. Employing
Title: Principal Med Device Security Engineer
Location: Danvers United States
Job Description: Full time
job requisition id R-079174

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function: Technology Enterprise Strategy & Security
Job Sub Function: Security & Controls
Job Category: Scientific/Technology
All Job Posting Locations: Alabama (Any City), Alaska (Any City), Arizona (Any City), Arkansas (Any City), California (Any City), Colorado (Any City), Connecticut (Any City), Danvers, Massachusetts, United States of America, Delaware (Any City), Florida (Any City), Georgia (Any City), Hawaii (Any City), Idaho (Any City), Illinois (Any City), Indiana (Any City), Iowa (Any City), Kansas (Any City), Kentucky (Any City), Louisiana (Any City), Maine (Any City), Maryland (Any City), Massachusetts (Any City), Michigan (Any City), Minnesota (Any City) {+ 27 more}

Job Description:

Johnson & Johnson’s MedTech cybersecurity team is recruiting for an experienced Principal Product Security Engineer. The role can be remote-based or located onsite in Danvers, MA or Raritan, NJ. This role will require up to 10% travel.
Are you passionate about security and interested in joining a community of collaborative colleagues working in a Patient First! culture? If that’s you, we have an immediate opportunity for a Principal Product Security Engineer to join the Product Cybersecurity team to help ensure security is implemented by design for this top-performing medical device company. This is an exciting opportunity to impact development initiatives that will shape future product development and industry standards. You will own the Product Security process for the products that you will support throughout the product development lifecycle which includes both pre-market and post-market processes engineering teams. If you are eager to leverage your security risk and compliance skills to make a difference and directly impact patient lives, this could be perfect for you.

Purpose: The Principal Product Security Engineer will be responsible for implementation of J&J’s enterprise Product Security strategy and framework throughout the Heart Recovery portfolio of medical devices and supporting platforms. This role will join Abiomed, part of Johnson & Johnson MedTech, to provide technical expertise and strategic leadership in securing Impella heart pump technologies, next-generation cardiac support systems, and connected medical devices. This role is responsible for delivering security architecture, cryptographic controls, embedded system protections/controls, and threat mitigation techniques to ensure robust, regulatory-compliant security across the product lifecycle.

Specific responsibilities include supporting heart recovery throughout a new product’s development phases, review product security requirements and recommend security design solutions, complete Quality documentation, threat modelling, coordinate third-party penetration testing, software architecture review and design recommendations, code analysis and other security testing work as needed.
Additionally, this position will have post market responsibilities for Heart Recovery marketed devices, including monitoring for new vulnerabilities, assisting with patching and remediation plans, as well as responding to customer security questionnaires and reviewing security language within contractual agreements as needed.

- Drive alignment to J&J Product Security’s overarching framework.
- Support the Product Security strategy and objectives within Heart Recovery
- Define and implement secure boot, firmware integrity validation, and anti-tamper mechanisms to protect Heart Recovery Device firmware against unauthorized modification.
- Enforce cryptographic protocols for data-at-rest and data-in-transit, ensuring compliance with FDA cybersecurity requirements, NIST 800-175, FIPS 140-3, and IEC 62443.
- Define and implement key management infrastructure (PKI, HSMs, TPMs, and secure enclave integration) for device identity, authentication, and software signing.
- Develop real-time vulnerability assessment techniques for detecting security flaws in wireless communications (Bluetooth LE, NFC, Wi-Fi, 5G, proprietary RF) used in Heart Recovery’s medical devices.
- Implement Zero Trust security for device-to-cloud connectivity, integrating mTLS and continuous authentication models into clinical applications.
- Oversee secure OTA (over-the-air) update mechanisms, ensuring firmware rollbacks, code signing, and supply chain integrity validation.
- Embedded Security & Secure Development Lifecycle:
- Lead Secure Development Lifecycle practices, integrating threat modeling, static/dynamic analysis, fuzz testing, and formal verification into the development process.
- Work with R&D Engineering to define hardware security architecture, including trust zones, hardware root of trust (HRoT), and secure microcontroller protections
- Implement memory safety strategies to mitigate buffer overflows, side-channel attacks, and execution vulnerabilities in real-time operating systems (RTOS) and bare-metal firmware.
- Respond to customer cybersecurity questionnaires and contractual language for post-market medical devices under your responsibility as necessary.

Qualifications
Required:
- 8+ years industry experience in Information Security
- 5+ years experience with embedded system, IOT, or medical device cybersecurity
- Bachelor’s degree or equivalent
- Experience generating Threat models without the use of threat modeling tools
- Experience performing risk assessments utilizing CVSS 3.1 or higher, with STRIDE per element
- Ability to write technical security requirements for embedded systems and web platforms based on the latest regulations
- Understanding and execution of third-party penetration testing, vulnerability scanning, CVSS and/or other general security testing principles
- Experience supporting regulatory security submissions, ensuring compliance with FDA Cybersecurity Guidance (2025), EU MDR, NIST 800-53, IMDRF, and AAMI TIR57.
- Knowledge of real-time operating systems hardening techniques
- Knowledge of cloud security principles
- Ability to generate SBOMs from Software source code and Binaries, Firmware, and Operating Systems
- Ability to generate pre-market risk assessments against the threat model leveraging STRIDE and post-market risk assessments via SCA SBOM scans.
- Ability to generate the security architecture views for medical devices that could include: Global System View, Multi-Patient Harm View, Updateability/Patchability view and, detailing system boundaries, data flows, and external interactions to show risk mitigation, ensuring transparency, and supporting post-market management
- Ability to translate technical security requirements into solutions
- Ability to provide secure coding recommendations and execute reviews
- Data privacy experience, including HIPAA and GDPR
- Understanding of industry standards and certifications such as HITRUST & ISO 27001
- Ability to work autonomously and proactively seek out product security opportunities within heart recovery
- Ability to lead large projects and proven ability to track to project plan timelines from a security perspective
- Ability to create and deliver cybersecurity awareness campaigns and other communications
- Creative problem-solving skills
- Customer focus (internal & external)
- Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally
- Strong leadership skills

Preferred:
- Experience leading or participating in formal security audits
- Experience with Operating Systems such as QNX QOS, Yocto, Linux Ubuntu, Alpine
- Familiarity with FDA and/or other global regulatory cybersecurity guidance requirements and submission process
- Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques
- Experience in cybersecurity pre-sales
- Software development experience
- CISSP, CISM, or other security certification
- MS and/or advanced degree

Johnson & Johnson is an Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act.

Johnson & Johnson is committed to providing an interview process that is inclusive of our applicants’ needs. If you are an individual with a disability and would like to request an accommodation, please contact us via https://www.jnj.com/contact-us/careers or contact AskGS to be directed to your accommodation resource.

#JNJTECH
Required Skills: Product Security
Preferred Skills:
The anticipated base pay range for this position is: $102,000.00 - $177,100.00
Additional Description for Pay Transparency: Subject to the terms of their respective plans, employees are eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Subject to the terms of their respective policies and date of hire, employees are eligible for the following time off benefits:
- Vacation – 120 hours per calendar year
- Sick time – 40 hours per calendar year; for employees who reside in the State of Colorado – 48 hours per calendar year; for employees who reside in the State of Washington – 56 hours per calendar year
- Holiday pay, including Floating Holidays – 13 days per calendar year
- Work, Personal and Family Time – up to 40 hours per calendar year
- Parental Leave – 480 hours within one year of the birth/adoption/foster care of a child
- Bereavement Leave – 240 hours for an immediate family member: 40 hours for an extended family member per calendar year
- Caregiver Leave – 80 hours in a 52-week rolling period, 10 days
- Volunteer Leave – 32 hours per calendar year
- Military Spouse Time-Off – 80 hours per calendar year

For additional general information on Company benefits, please go to: https://www.careers.jnj.com/employee-benefits
Application Security Technical Lead
MedHealth
We help organisations improve health and employment outcomes of populations. While never losing sight of the individual.
- Own and operate application security across the SDLC.
- Identify and assess application security risks, partnering with Engineering teams on remediation.
- Perform secure code reviews (primarily .NET) and support secure development practices.
- Lead threat modelling and security assessments across applications and automation workflows.
- Adapt security practices to suit different team maturity levels, balancing uplift, standardisation and delivery needs.
- Own and optimise AppSec tooling (SAST, DAST, SCA) across CI/CD pipelines.
- Ensure effective security testing without impacting delivery velocity.
- Own vulnerability visibility, prioritisation and reporting.
- Define and apply secure design and development standards.
- Establish Security Champions across development teams.
- Mentor developers and uplift secure coding capability across teams.




