Senior Engineer, R&D Product Security
Company: Johnson & Johnson
Location: Santa Clara
Posted on: July 4, 2025
Job Description:
At Johnson & Johnson, we believe health is everything. Our
strength in healthcare innovation empowers us to build a world
where complex diseases are prevented, treated, and cured, where
treatments are smarter and less invasive, and solutions are
personal. Through our expertise in Innovative Medicine and MedTech,
we are uniquely positioned to innovate across the full spectrum of
healthcare solutions today to deliver the breakthroughs of
tomorrow, and profoundly impact health for humanity. Learn more at
https://www.jnj.com
Job Function: R&D Product Development
Job Sub Function: R&D Software/Systems Engineering
Job Category: Scientific/Technology
All Job Posting Locations: Boston, Massachusetts, United States of America; Palm Beach Gardens, Florida, United States of America; Raynham, Massachusetts, United States of America; Santa Clara, California, United States of America
Job Description: Johnson & Johnson MedTech Orthopedics is
recruiting for a Senior Engineer, R&D Product Security to join
the VELYS Digital Organization. This position will be located in
Boston, MA. Remote work options may be considered on a case-by-case
basis and if approved by the Company. Johnson & Johnson MedTech is
focused on shaping the future of digital surgery and expanding its
robotics and digital solutions offerings across the entire
portfolio, with multi-specialty, end-to-end solutions in
orthopedics, endoluminal intervention and general surgery. This
includes the VELYS platform, a first-of-its-kind robotic technology
indicated for Total Knee Arthroplasty. Johnson & Johnson MedTech
Orthopedics is the largest, most innovative and comprehensive
Orthopedic business in the world. It offers an unparalleled breadth
and depth of products, services and programs in the areas of joint
reconstruction, trauma, spine, sports medicine,
craniomaxillofacial, power tools and biomaterials. Our Senior
Engineer, R&D Product Security will be instrumental in ensuring
product success by defining and implementing best-in-class security
strategies for complex products. In this role, you will leverage
your expertise to lead critical security activities in alignment
with design and development SOPs, as well as industry best
practices. We are seeking a candidate with a strong background in
product security, who thrives in collaborative environments and
enjoys working alongside passionate design engineers to bring
innovative products to life.
Key Responsibilities:
- Help drive adherence to DPS Security SOPs.
- Partner with internal teams to enhance existing processes and policies.
- Provide ownership of the product development team’s cybersecurity deliverables.
- Perform automated code scanning and coordinate formal security testing.
- Respond to alerts and adverse events and assist in remediation as needed.
- Perform regular reviews and analysis of security reports and issues, propose solutions and lead remediation.
- Support ongoing SOC-2, HIPAA and other internal and external assessments and certifications.
- Partner with Quality and R&D to respond to customer cybersecurity questionnaires for all post-market medical devices.
- Other MedTech cybersecurity related duties as needed.
Required Experience and Skills:
- Bachelor's degree in Computer Science, Security, or equivalent degree.
- 5 years of industry experience in IT or Cybersecurity.
- Ability to provide secure coding recommendations.
- Knowledge in at least one coding language (i.e. C/C++, C#, Python) with code review experience.
- Understanding of penetration testing, vulnerability scanning, CVSS and/or other general security testing principles.
- Ability to work autonomously and proactively seek out security opportunities within the different surgical robotics teams.
- Deep knowledge of Threat modeling & analysis.
- Ability to define security requirements.
- Creative problem-solving skills.
- Customer focus (internal & external).
- Strong communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams and stakeholders.
Preferred Experience and Skills:
- Experience leading or participating in formal security audits (i.e. HITRUST, SOC2, FedRAMP).
- Security certification like CISSP / AWS Security Specialist / CEH or CSSLP is a strong plus.
- Hands-on experience with software security tools and platforms like Checkmarx, Black Duck, JFrog Xray, etc.
- Hands-on experience with vulnerability assessment tools such as Qualys, Nexpose, etc.
- Knowledge of product or medical device security or MDDS platforms.
- Working knowledge of microservices architecture and API security.
- Experience working within Agile methodology.
- Experience in data privacy protection.
- Understanding of Quality Design Control processes and FDA submission processes.
- Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques.
- Software development experience.
The Company maintains
highly competitive, performance-based compensation programs. Under
current guidelines, this position is eligible for an annual
performance bonus in accordance with the terms of the applicable
plan. The annual performance bonus is a cash bonus intended to
provide an incentive to achieve annual targeted results by
rewarding for individual and the corporation’s performance over a
calendar/performance year. Bonuses are awarded at the Company’s
discretion on an individual basis. Employees and/or eligible
dependents may be eligible to participate in the following Company
sponsored employee benefit programs: medical, dental, vision, life
insurance, short- and long-term disability, business accident
insurance, and group legal insurance. Employees may be eligible to
participate in the Company’s consolidated retirement plan (pension)
and savings plan (401(k)). This position is eligible to participate
in the Company’s long-term incentive program. Employees are
eligible for the following time off benefits:
- Vacation – up to 120 hours per calendar year
- Sick time – up to 40 hours per calendar year
- Holiday pay, including Floating Holidays – up to 13 days per calendar year
- Work, Personal and Family Time – up to 40 hours per calendar year
For additional general information on Company benefits, please go to:
https://www.careers.jnj.com/employee-benefits
This job posting is
anticipated to close on 06/09/25. The Company may however extend
this time-period, in which case the posting will remain available
on https://www.careers.jnj.com to accept additional applications.
Johnson & Johnson is an Equal Opportunity Employer. All qualified
applicants will receive consideration for employment without regard
to race, color, religion, sex, sexual orientation, gender identity,
age, national origin, disability, protected veteran status or other
characteristics protected by federal, state or local law. We
actively seek qualified candidates who are protected veterans and
individuals with disabilities as defined under VEVRAA and Section
503 of the Rehabilitation Act. Johnson and Johnson is committed to
providing an interview process that is inclusive of our applicants’
needs. If you are an individual with a disability and would like to
request an accommodation, please email the Employee Health Support
Center (ra-employeehealthsup@its.jnj.com) or contact AskGS to be
directed to your accommodation resource.
The anticipated base pay range for this position is $89,000 to $143,750.00.
Additional Description for Pay Transparency: California Bay Area, the anticipated base pay
range for this position is $103,000 to $165,600.