Lead Software Engineer, Product Security

About the job

Ethicon, part of Johnson & Johnson Medical Devices Companies, is recruiting for a Lead Software Engineer, Product Security located in Redwood City, CA, or remote within the United States!

Johnson & Johnson Medical Devices is focused on shaping the future of digital surgery and expanding its robotics and digital solutions offerings across the entire portfolio, with multi-specialty, end-to-end solutions in orthopedics, endoluminal intervention and general surgery. This includes the MONARCH® platform, a first-of-its-kind robotic technology indicated for bronchoscopic visualization of and access to patient airways for diagnostic and therapeutic procedures in the lung.

Ethicon, part of Johnson & Johnson Medical Devices Companies, has made significant contributions to surgery for more than 100 years, from creating the first sutures to revolutionizing surgery with minimally invasive procedures. Our continuing dedication to Shape the Future of Surgery is built on our commitment to help address the world’s most pressing health care issues and improve and save more lives. Through Ethicon’s surgical technologies and solutions, including sutures, staplers, energy devices, trocars and hemostats, and our commitment to treat serious medical conditions like obesity worldwide, we deliver innovation to make a life-changing impact. For more information, visit www.ethicon.com.

Johnson & Johnson is seeking a highly motivated individual who is a self-starter and is passionate about product security for sophisticated and complex robotic systems. Much of this work will involve securing software by design input and reviews, low-level requirements generation, code analysis, as well as any processes and procedures the organization needs to ensure the security of our medical devices. We are looking for a flexible, self-motivated, curious, and willing candidate to help us revolutionize the world of medical robotics.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Regular Duties

    • Develop cybersecurity requirements for Johnson & Johnson medical devices, including low-level security requirements.
    • Perform design reviews and low-level code reviews of security critical code.
    • Identify and implement improvements in the architecture, design, and implementation of existing systems in the area of cybersecurity.
    • Analyze security reports and findings to determine the root cause.
    • Assess medical device cybersecurity risks for our products.
    • Review, analyze, and report on emerging technologies and their impact on the cybersecurity posture of Johnson & Johnson medical devices.
    • Evaluate medical device manufacturers' cybersecurity questionnaires for accuracy and completion.
    • Support teams for cybersecurity-related requests.
    • Serve as a cybersecurity subject matter expert for various projects.
    • Provide cybersecurity technical guidance to other technical personnel.
    • Evaluate and recommend products and systems in key technology areas.
    • Keep up-to-date on emerging cybersecurity technologies and trends to help other Johnson & Johnson employees understand the critical role of cybersecurity in the development of our products.
    • Other duties as assigned.



    • Bachelor’s Degree in Computer Engineering or a related field
    • 5+ years of experience in software development
    • Experience in software development using C++
    • Cybersecurity experience with commercial and open-source security tools such as Black Duck, Checkmarx, JFrog Xray
    • Experience with securing cloud-based and distributed systems
    • Knowledge of Linux or QNX
    • This role requires about 10% travel


  • Experience in analysis of pen testing, bug bounty, and other security reports
  • Experience in an FDA-regulated field (Med Device/Pharma)
  • Security Certifications from one or more of the following:
    • SysAdmin, Audit, Network and Security Institute (SANS)
    • International Information Systems Security Certification Consortium (ISC2)
    • Computing Technology Industry Association (CompTIA)
  • Familiarity with cybersecurity-related guidance for Med Devices from FDA, IEC, and HIMSS/NEMA
  • Knowledge of various security APIs and protocols, including, but not limited to, SSL/TLS, SAML, etc.
  • Demonstrated familiarity with the open-source community and development concepts
  • Demonstrated ability to quickly evaluate, learn, put to use, and integrate new technologies to solve a problem
  • Ability to work in a regulated environment in compliance with ISO 13485 and 21 CFR 820


Primary Location
United States-California-Redwood City-150 Shoreline Dr
Auris Health, Inc. (6267)


  • Hospital & Health Care
  • Medical Device
  • Pharmaceuticals


Job Functions

  • Engineering
  • Information Technology
