Lead Product Security Engineer

At Johnson & Johnson, we believe health is everything.

Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:
R&D Product Development

Job Sub Function:
R&D Electrical/Mechatronic Engineering

Job Category:
Scientific/Technology

All Job Posting Locations:
Cincinnati, Ohio, United States of America, Raritan, New Jersey, United States of America, Santa Clara, California, United States of America

Job Description:

We are searching for top talent for Lead Product Security Engineer.

The preferred locations for this role are San Jose, California; Cincinnati, Ohio; and Raritan, New Jersey.

Remote opportunities in the US are available on a case by case basis and if approved by the company.

This role may require up to 10 - 20% travel.

The Lead Medical Device Cybersecurity Engineer will be responsible for implementation of J&J’s enterprise Product Security strategy and framework for J&J MedTech Surgery Ottava Robotic Platform.

This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to Ottava management, identifying communications plans and raising overall awareness of the capability.

Specific responsibilities include supporting Ottava’s R&D throughout a new product’s development phases, review product security requirements and recommend security design solutions, ensure the team completes Quality documentation, threat modelling, security risk assessment, penetration testing, software architecture review and design recommendations, code analysis and other security testing or work as needed.

Additionally, post market responsibilities for Ottava’s surgical robotic platform marketed devices include monitoring for new vulnerabilities, leading the product security teams with patching and remediation plans, as well as responding to all customer security questionnaires and reviewing security language within contractual agreements.

Key Responsibilities:


* Help drive adherence to J&J Product Security’s overarching framework


* Partner with internal organizations to enhance existing processes and policies


* Create and present Product Security metrics to management within Ottava and ISRM


* Champion Product Security strategy and objectives across the Ottava Robotic Platform



* Engaged as a subject matter expert to support completion of product security activities, tasks, deliverables, documentation, approvals, and product security controls.  



* Responsible for defi...