Johnson & Johnson, MedTech is recruiting for a Staff Software Product Security Engineer located in Santa Clara, CA (not remote).

Johnson & Johnson MedTech innovates at the intersection of biology and technology. With a focus on treating with pinpoint precision in the hardest-to-reach parts of the body, restoring anatomy and reimagining healing, our portfolio of smarter, less invasive, more personalized treatments is addressing the most complex diseases. Focus areas include: Interventional Solutions, Orthopaedics, Surgery and Vision.

The Staff Software Product Security Engineer will be a key member of the Ottava R& D Product Security organization, make vital contributions to the New Product Development (NPD) pipeline and transform patient care through innovation. They are accountable for leading our NPD teams and creating a strategy to implement cybersecurity into the design and development of product hardware and software for use in cutting edge medical devices and associated capital equipment.

Key Responsibilities:

• Take initiative in all areas of product & infrastructure development.
• Identify threats and vulnerabilities to patient safety and product integrity, assess current security controls and determine potential impact of a threat and the risk level associated with threat/vulnerability pairs.
• Work with quality, regulatory and other compliance orgs to identify product security imperatives and update the threat models based on them.
• Drive architecture and design discussion and ensure that decisions incorporate security considerations.
• Design and develop embedded system security software to integrate with mechanical, electrical, and distributed computing systems.
• Document designs and specifications per design control processes and conform to Industry Standards for Medical Device Software (IEC 62304). * Interact and interface with systems engineering, program management, development operations, control systems and other engineering teams to help implement security controls, evaluate code/design quality and calculate/disposition/register security vulnerabilities and risks

• Bachelor's degree in Computer Science, Computer Engineering, Electrical Engineering, Cybersecurity or related area or equivalent additional professional experience.
• 8 years experience in computing and technology.
• 5 years experience in building/evaluating product security.
• 5 years of coding experience with C/C .
• 5 years experience in Software Engineering or Product Architecture role.

Experience and Skills Required:

• Ability to work autonomously and proactively seek out opportunities to build security capabilities across our platforms.
• Ability to think big picture and have attention to detail - aligning strategic objectives with tactical implementation.
• Proven experience with electrical and embedded software design.
• Proficient in security architecture and risk assessments for connected products, medical devices or IoT platforms.
• Experience developing software for embedded / Real-Time Software / Operating Systems using C/C .
• A results and performance driven demeanor with strong sense of accountability.

Preferred:

• Experience with cybersecurity, data governance, and privacy standards (HIPAA, ISO 27001, UL 2900, FDA)
• Work experience with Systems Engineering activities: requirements management and development, risk management, and verification
• Strong collaboration, proven technical leadership capabilities, and conflict resolution skills
• A security certification from an accredited body is preferred.
• Experience working with SECURE BOOT, TRUSTZONE, TPM, DDS, MQTT, PUBSUB, YOCTO, LINUX and QNX

Other:

Requires up to 10% travel

This job posting is anticipated to close on 5/4/2024. The Company may however extend this time-period, in which case the posting will remain available on https: //www.careers.jnj.com to accept additional applications.

The anticipated base salary for this position is $139k - $224k.

We will ensure that individuals with disabilities are provided reasonable accommodation to participate in the job application or interview process, to perform essential job functions, and to receive other benefits and privileges of employment. Please contact us to request accommodation.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.