About the position
Johnson & Johnson Surgical Vision Inc. a member of the Johnson & Johnson family of companies, is recruiting for a Senior Engineer, Product Risk Management, located in Irvine or Milpitas, California! At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. In this role you will be part of the Johnson & Johnson Vision Lifecycle Management and New Product Introduction Quality Engineering team! This role will focus on vulnerability management, assessment, and risk management to ensure the security and integrity of our systems and data for Vision products excluding Contract lenses and CEH (Consumer Eye Health) solutions.
Responsibilities
- Implement and maintain a comprehensive vulnerability management program
- Conduct routine security checks, including vulnerability scanning and penetration testing
- Develop and refine incident response plans to address potential security breaches
- Responsible for conducting business meetings with other functions and communicating business related issues or opportunities to next management level.
- Perform thorough risk assessments to identify vulnerabilities and potential threats
- Prioritize assets based on their risk level and importance to business operations
- Implement a risk-based approach to vulnerability management
- Work to improve the systems used within the New Product Development community ensuring compliance to existing procedures and uniformity of risk assessments performed on new products
- Design and implement effective security controls to protect critical assets
- Lead remediation efforts, addressing high-risk and critical vulnerabilities first
- Develop and integrate security tooling to manage corporate systems
- Generate customized analytics and reports for stakeholders
- Evaluate and verify the effectiveness of implemented security measures
- Gather and analyze security metrics to provide recommendations for improvement
- Maintain dashboards and other reports of performance metrics as required while providing regular updates and status reports to management.
Requirements
- A minimum of a Bachelor's degree or equivalent in Engineering, Science or related technical field is required.
- 5+ years of experience in information security, with a focus on vulnerability management
- Strong understanding of network protocols, operating systems, and common security vulnerabilities
- Proficiency in using vulnerability assessment tools and techniques
- Experience with CVSS scoring and risk-based vulnerability management approaches
- Expert knowledge of security best practices and industry standards
- Strong analytical and problem-solving skills
- Excellent communication skills, both written and verbal
- Proficiency in programming languages (e.g., Python, Java) for security tool development
- Experience with cloud security and containerization technologies
- Familiarity with compliance frameworks (e.g., NIST, ISO 27001, PCI DSS)
- Proven track record of implementing effective vulnerability management programs
- Ability to gather and analyze security metrics, provide recommendations, and resolve complex issues
- Critical thinking and investigation skills.
- Ability to multitask, including ability to understand customer requirements, retrieve relevant information, and provide responses satisfactorily and with immediacy.
- Familiar with general quality management system concepts, including good documentation practice (GDP), corrective and preventive action (CAPA), and document change control practices.
- Ability to function in a team environment and deliver on team objectives.
- Strong attention to detail with demonstrated written and verbal communication skills.
- Prior medical device complaint handling experience, or knowledge of medical device regulations.
Nice-to-haves
- Developed presentation skills.
- Project management and/or process mapping experience.
Benefits
- Medical, dental, vision, life insurance
- Short- and long-term disability
- Business accident insurance
- Group legal insurance
- Consolidated retirement plan (pension)
- Savings plan (401(k))
- Long-term incentive program
- Vacation - up to 120 hours per calendar year
- Sick time - up to 40 hours per calendar year
- Holiday pay, including Floating Holidays - up to 13 days per calendar year
- Work, Personal and Family Time - up to 40 hours per calendar year
