Staff Product Security Engineer jobs in United States

Johnson & Johnson MedTech · 3 days ago

Staff Product Security Engineer

Johnson & Johnson MedTech is focused on healthcare innovation, developing smarter and less invasive treatments. They are seeking a Staff Product Security Engineer to lead the cybersecurity strategy in the New Product Development pipeline for medical devices, ensuring patient safety and product integrity.

Hospital & Health Care

Responsibilities

Identify threats and vulnerabilities to patient safety and product integrity, assess current security controls and determine potential impact of a threat and the risk level associated with threat/vulnerability pairs
Drive architecture, requirements, and design to ensure that decisions incorporate security considerations
Advise embedded system security software to ensure system hardening and secure coding practices
Support all stakeholders on patch management, vulnerability handling, and SBOM scanning
Document designs and specifications per design control processes and conform to Industry Standards for Medical Device Software (IEC 62304)

Qualification

Product Security, Threat Modeling, Embedded Software Design, Real-Time Operating Systems, Modern C++, Cybersecurity, Risk Assessments, Penetration Testing, Collaboration, Technical Leadership, Conflict Resolution

Required

Bachelor's degree in Computer Science, Computer Engineering, Cybersecurity or related degree
6+ years' experience (or 4+ with M.S.) establishing security architecture or implementing security solutions in consumer products or medical devices
3+ years' experience in a software engineering or software architectural role in a New Product Development (NPD) environment
Proven experience with threat modeling and risk assessments for connected products or medical devices
Ability to work autonomously and proactively seek out security opportunities within the different surgical robotics teams
Ability to think big picture and have attention to detail – aligning strategic objectives with tactical implementation
Proven experience with electrical and embedded software design
Experience developing software for embedded Real-Time Operating Systems (RTOS)
Experience developing embedded software systems using Modern C++ (preferably standards 17+)
A results- and performance-driven demeanor with a strong sense of accountability
Understanding of penetration testing, vulnerability scanning, and/or other general security testing principles
Product Security
Threat Modeling

Preferred

Experience with FDA, data governance, and privacy standards (HIPAA, ISO 27001, UL 2900)
Work experience with Systems Engineering activities: requirements management and development, risk management, and verification
Strong collaboration, proven technical leadership capabilities, and conflict resolution skills
A security certification from an accredited body is preferred and may be considered in lieu of a portion of required years of experience
Experience working with secure boot, Trusted Platform Module (TPM), Data Distribution System (DDS), and QNX
C++ STL
Embedded C++

Benefits

Medical
Dental
Vision
Life insurance
Short- and long-term disability
Business accident insurance
Group legal insurance
Consolidated retirement plan (pension)
Savings plan (401(k))
Long-term incentive program
Vacation – up to 120 hours per calendar year
Sick time - up to 40 hours per calendar year
Holiday pay, including Floating Holidays – up to 13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year

Company

Johnson & Johnson MedTech

At Johnson & Johnson MedTech, we are working to solve the world’s most pressing healthcare challenges through innovations at the intersection of biology and technology.

Funding

Current Stage
Late Stage

Leadership Team

Mike Walker
CFO & VP of Finance DePuy Synthes
Tino Schweighoefer, MBA
CFO Monarch Platform
Company data provided by crunchbase