Software Engineer, Device Security

About the position

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. We are searching for the best talent for a Product Software Security Engineer position to work in Santa Clara, CA. We are seeking a skilled and motivated Product Security Engineer to enhance the security posture of our software products. The preferred candidate will have a strong background in computer software security, proficient programming skills in C++ and Python, and Linux. A good understanding of networking and its impact on security is a bonus. The Product Software Security Engineer works within Johnson & Johnson's (J&J's) product research and development focusing on security for robotic devices for medical technology. The position is in Santa Clara, CA and requires a presence on-site for 3 days a week.

Responsibilities

• Design, implement, and maintain security features in our products.
• Conduct threat modeling and risk assessments to identify vulnerabilities and propose mitigation strategies.
• Develop security testing plans, including static and multifaceted analysis, vulnerability scanning, and penetration testing.
• Collaborate with multi-functional teams to ensure that security requirements are integrated into the software development lifecycle.
• Stay updated with the latest security trends, vulnerabilities, and technologies relevant to our products.
• Assist product teams with secure coding practices and conduct code reviews to ensure compliance with security standards.
• Build and maintain documentation related to security policies, procedures, and standard methodologies.
• Assist in incident response and forensic investigations as needed.
• Participate in security training and awareness programs for development teams.
• Understand and apply J&J's Credo and Leadership Imperatives in day-to-day interactions with team.

Requirements

• Bachelor's degree in Computer Science, Information Security, or a related field (or equivalent experience).
• Minimum of 2-4 years of experience with B.S. (or 0-2 with M.S.)
• Strong programming skills.
• Experience programming in C++ or Python.
• Proven understanding of Linux operating systems and command-line tools.
• Experience with security tools such as static analysis tools, dynamic analysis tools.
• Excellent problem-solving skills and a proactive outlook towards improving security.
• Strong interpersonal skills, both written and verbal, with the ability to convey sophisticated security concepts to technical and non-technical team members.

Nice-to-haves

• Knowledge of networking protocols and concepts (TCP/IP, firewalls, VPNs, etc.).

Benefits

• Medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
• Consolidated retirement plan (pension) and savings plan (401(k)).
• Long-term incentive program.
• Vacation - up to 120 hours per calendar year.
• Sick time - up to 40 hours per calendar year.
• Holiday pay, including Floating Holidays - up to 13 days per calendar year.
• Work, Personal and Family Time - up to 40 hours per calendar year.