At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com **Job Function:** Supply Chain Engineering **Job Sub** **Function:** Quality Engineering **Job Category:** Scientific/Technology **All Job Posting Locations:** Milpitas, California, United States of America, US331 CA Irvine - 31 Technology Dr **Job Description:** Johnson & Johnson Surgical Vision Inc. a member of the Johnson & Johnson family of companies, is recruiting for a Staff Engineer, Product Risk Management, located in Irvine or Milpitas, California! At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com/. In this role you will be part of the Johnson & Johnson Vision Lifecycle Management and New Product Introduction Quality Engineering team! This role will focus on vulnerability management, assessment, and risk management to ensure the security and integrity of our systems and data for Vision products excluding Contract lenes and CEH (Consumer Eye Health) solutions. **Key Responsibilities:** + Vulnerability Management + Implement and maintain a comprehensive vulnerability management program + Conduct routine security checks, including vulnerability scanning and penetration testing + Develop and refine incident response plans to address potential security breaches + Responsible for conducting business meetings with other functions and communicating business related issues or opportunities to next management level. + Risk Assessment and Management + Perform thorough risk assessments to identify vulnerabilities and potential threats + Prioritize assets based on their risk level and importance to business operations + Implement a risk-based approach to vulnerability management + Works to improve the systems used within the New Product Development community ensuring compliance to existing procedures and uniformity of risk assessments performed on new products + Security Controls and Remediation + Design and implement effective security controls to protect critical assets + Lead remediation efforts, addressing high-risk and critical vulnerabilities first + Develop and integrate security tooling to manage corporate systems + Reporting and Analysis + Generate customized analytics and reports for stakeholders + Evaluate and verify the effectiveness of implemented security measures + Gather and analyze security metrics to provide recommendations for improvement + Maintains dashboards and other reports of performance metrics as required while providing regular updates and status reports to management. **Qualifications** **Education:** + A minimum of a Bachelor's degree or equivalent in Engineering, Science or related technical field is required. + 5+ years of experience in information security, with a focus on vulnerability management + Strong understanding of network protocols, operating systems, and common security vulnerabilities + Proficiency in using vulnerability assessment tools and techniques + Experience with CVSS scoring and risk-based vulnerability management approaches **Experience and Skills:** **Required:** + Expert knowledge of security best practices and industry standards + Strong analytical and problem-solving skills + Excellent communication skills, both written and verbal + Proficiency in programming languages (e.g., Python, Java) for security tool development + Experience with cloud security and containerization technologies + Familiarity with compliance frameworks (e.g., NIST, ISO 27001, PCI DSS) + Proven track record of implementing effective vulnerability management programs + Ability to gather and analyze security metrics, provide recommendations, and resolve complex issues + Critical thinking and investigation skills. + Ability to multitask, including ability to understand customer requirements, retrieve relevant information, and provide responses satisfactorily and with immediacy. + Familiar with general quality management system concepts, including good documentation practice (GDP), corrective and preventive action (CAPA), and document change control practices. + Ability to function in a team environment and deliver on team objectives. + Strong attention to detail with demonstrated written and verbal communication skills. + Prior medical device complaint handling experience, or knowledge of medical device regulations. **Preferred:** + Developed presentation skills. + Project management and/or process mapping experience. **Other:** This position may be located in design centers at Irvine, CA, or Milpitas, CA and may require up to 25% domestic or international travel. **The anticipated base pay range for this position is :** The anticipated base pay range for the Irvine, CA location of this position is $91,000 to $147200. The anticipated base pay range for the Milpitas, CA location of this position is $105,000 to $169,050. Additional Description for Pay Transparency: The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis. Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance. Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)). This position is eligible to participate in the Company’s long-term incentive program. Employees are eligible for the following time off benefits: Vacation – up to 120 hours per calendar year Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year Holiday pay, including Floating Holidays – up to 13 days per calendar year of Work, Personal and Family Time - up to 40 hours per calendar year Additional information can be found through the link below. http://www.careers.jnj.com/employee-benefits The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.