Johnson & Johnson MedTech

Staff Product Security Engineer

Johnson & Johnson MedTech, Cincinnati, Ohio, United States, 45208

Join Johnson & Johnson MedTech as a Staff Product Security Engineer.

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal.

Job Description:

Fueled by innovation at the intersection of biology and technology, we’re developing the next generation of smarter, less invasive, more personalized treatments. The Staff Product Security Engineer will be a key member of the Capital R&D organization, making vital contributions to the New Product Development (NPD) pipeline and transforming patient care through innovation.

Responsibilities:

- Identify threats and vulnerabilities to patient safety and product integrity, assess current security controls, and determine the potential impact of a threat and the risk level associated with threat/vulnerability pairs.
- Drive architecture, requirements, and design to ensure that decisions incorporate security considerations.
- Advise embedded system security software to ensure system hardening and secure coding practices.
- Support all stakeholders on patch management, vulnerability handling, and SBOM scanning.
- Document designs and specifications per design control processes and conform to Industry Standards for Medical Device Software (IEC 62304).

Qualifications:

- Bachelor’s degree in Computer Science, Computer Engineering, Cybersecurity or related degree.

Experience And Skills:

- 6+ years’ experience (or 4+ with M.S.) establishing security architecture or implementing security solutions in consumer products or medical devices.
- 3+ years’ experience in a software engineering or software architectural role in a New Product Development (NPD) environment.
- Proven experience with threat modeling and risk assessments for connected products or medical devices.
- Ability to work autonomously and proactively seek out security opportunities within the different surgical robotics teams.
- Ability to think big picture and have attention to detail, aligning strategic objectives with tactical implementation.
- Proven experience with electrical and embedded software design.
- Experience developing software for embedded Real-Time Operating Systems (RTOS).
- Experience developing embedded software systems using Modern C++ (preferably standards 17+).
- A results and performance driven demeanor with a strong sense of accountability.
- Understanding of penetration testing, vulnerability scanning, and/or other general security testing principles.

Preferred Skills & Experience:

- Experience with FDA, data governance, and privacy standards (HIPAA, ISO 27001, UL 2900).
- Work experience with Systems Engineering activities: requirements management and development, risk management, and verification.
- Strong collaboration, proven technical leadership capabilities, and conflict resolution skills.
- A security certification from an accredited body is preferred and may be considered in lieu of a portion of required years of experience.
- Experience working with secure boot, Trusted Platform Module (TPM), Data Distribution System (DDS), and QNX.

Other Requirements:

- Ability to travel up to 10% domestic US and Internationally.

The anticipated base pay range for this position is $105,000 – $169,050. California Bay Area: the anticipated base pay range for this position is $141,000 – $227,000.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law.