Product Security Engineer, LCM QA

Johnson & Johnson Innovative Medicine•Irvine, CA

1d•$64,000 - $102,350

About The Position

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit. As a member of the Johnson & Johnson Vision Lifecycle Management and New Product Introduction (NPI) Quality Engineering team, this role is responsible for leading and delivering the vulnerability, assessment, and risk management activities that protect Vision product systems (excluding Contract Lenses and CEH solutions). The position has authority to design, operate, and continuously improve the vulnerability management program; conduct and coordinate vulnerability scans, penetration tests, and risk assessments; lead remediation prioritization and verify remediation effectiveness; and escalate and communicate risks, findings, and recommended mitigations to appropriate management levels.

Requirements

BS in Computer Science/Engineering or equivalent experience.
0–3 years in software QA, data analysis, test automation, or application security support.
Basic scripting (Python/Bash/JS); familiarity with Source Code Control (Git) and CI/CD concepts.
Awareness of OWASP Top Ten and basic SAST/DAST/SCA tooling.

Responsibilities

Support the implementation and operation of a comprehensive vulnerability management program for Vision product systems.
Execute and document vulnerability scans, assist with penetration testing engagements, and perform risk assessments for components in scope
Triage findings, reproduce issues, create clear remediation tickets, and track remediation progress with product and engineering teams.
Recommend remediation approaches and security controls; participate in pilots and tooling integrations to improve detection, tracking, and reporting.
Validate remediation work and verify fixes for assigned vulnerabilities; escalate unresolved or high-severity issues to senior product security.
Participate in cross-functional meetings to communicate findings, status, and technical guidance; influence engineering decisions through collaboration.
Contribute to incident response activities for product-related security events and coordinate with internal teams and external partners as directed.
Maintain program documentation, runbooks, and reporting dashboards; contribute to continuous improvement of SDLC security gates and CI/CD pipelines.

Benefits

The Company maintains highly competitive, performance-based compensation programs.
Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis.
Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Employees are eligible for the following time off benefits: o Vacation – up to 120 hours per calendar year o Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year o Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year

Stand Out From the Crowd

Upload your resume and get instant feedback on how well it matches this job.

Upload and Match Resume