Johnson & Johnson is recruiting for a Product Security Lead. This position is located in Milpitas, CA.
As the world’s most comprehensive medical devices business, we are building on a century of experience, merging science and technology, to shape the future of health and benefit even more people around the world. With our unparalleled breadth, depth and reach across surgery, orthopedics and interventional solutions, we’re working to profoundly change the way care is delivered. We are in this for life. For more information, visit www.jnjmedicaldevices.com.
The Product Security Lead will be responsible for implementation of J&J’s enterprise Product Security strategy and framework throughout Johnson & Johnson Surgical Vision (JJSV) medical device portfolio. This includes identifying key strategy and goals, partnering with internal organizations on existing process and policy enhancements, creating and presenting metrics to senior management, identifying communications plans and raising overall awareness of the capability.
- Support JJSV R&D throughout a new product’s development phases, help complete Quality documentation, threat modelling, penetration testing, software architecture review and design recommendations, code analysis and other security testing or deliverables as needed.
- Post market responsibilities for JJSV’s marketed devices include monitoring for new vulnerabilities, assisting with patching and remediation plans.
- Respond to all customer security questionnaires and reviewing security language within contractual agreements.
- Drive Product Security strategy and goals within JJSV. Partner with internal organizations to enhance processes. Create and present metrics.
- Enforce Product Security governance model for pre and post market JJSV medical devices.
- Create risk remediation plans and assist JJSV engineering team to implement.
- Respond to security related customer questionnaires and contractual language
- Work autonomously and proactively seek out security opportunities within JJSV.
- A minimum of a bachelor’s degree or equivalent is required. An advanced degree is preferred.
- A minimum of 3 years of experience in security and/or embedded software engineering functions is required.
- Intimate knowledge of real-time operating system (i.e. QNX, Windows Embedded) hardening techniques is required.
- Knowledge in at least one coding language (i.e. C/C++, C#) with code review experience is required.
- Knowledge of product or medical device security is preferred.
- Experience working with cloud based IoT management solutions is preferred.
- An understanding of Quality Design Control processes and FDA submission process is preferred.
- Ability to provide secure coding recommendations is required.
- Software engineering experience including securely building embedded applications is required.
- Ability to create and deliver Product Security awareness campaigns and other communications is required.
- Understanding of pen testing, vulnerability scanning, CVSS and/or other general security testing principles with the ability to provide specific recommendations on how to fix resulting vulnerabilities is required.
- Understanding embedded operating system security patching and vulnerability assessment is required.
- CISSP, CEH, MCSD, CSSLP or other certifications is preferred.
- Big Picture thinking with attention to detail is required.
- A sense of urgency with the ability to drive to tight timelines is required.
- Excellent communication and collaboration skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally is required.
- This position is located in Milpitas, CA and may require up to 10% travel.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Johnson & Johnson Surgical Vision, Inc (6234)
R&D Engineering (R&D)