Software Engineer - DevSecOps at Johnson & Johnson
Raritan, NJ 08869, USA
Full Time


Start Date

Immediate

Expiry Date

05 Nov, 25

Salary

63000.0

Posted On

06 Aug, 25

Experience

0 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

Vulnerability Management, Infrastructure, Devops, Programming Languages, Security, Kubernetes, Docker, Computer Science, Business Units, Code, Aws, Security Research, Python, Threat Intelligence, Sonarqube, Communication Skills, Jenkins, Azure, Java, Containerization

Industry

Information Technology/IT

Description

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

QUALIFICATIONS / REQUIREMENTS:

  • Proficiency in Python, Go, Java, or similar programming languages.
  • Hands-on experience with cloud platforms such as AWS, Azure, or GCP, including their security services.
  • Practical experience working with CI/CD tools like Jenkins, GitLab CI, or GitHub Actions.
  • Deep knowledge of containerization (Docker, Kubernetes) and container security scanning.
  • Infrastructure as Code: Terraform, CloudFormation, or equivalent.
  • Familiarity with security tools such as SonarQube, Veracode, Checkmarx, and Snyk.

EXPERIENCE & KNOWLEDGE

  • 3-5 years in software engineering, security, or DevOps, focusing on secure development practices.
  • Strong understanding of the Secure Software Development Lifecycle (SSDLC).
  • Knowledge of relevant security standards and frameworks (NIST, OWASP, NVD).
  • Experience with vulnerability management, risk mitigation, and remediation strategies.
  • Foundational understanding of networking, system administration, and security principles.

SOFT SKILLS

  • Excellent communication skills to clearly convey complex technical concepts.
  • Proven ability to collaborate effectively across diverse business units.
  • Strong problem-solving skills with meticulous attention to detail.
  • Self-motivated, adaptable, and capable of managing multiple priorities independently.

PREFERRED QUALIFICATIONS

  • Bachelor’s degree in Computer Science, Cybersecurity, or related fields; advanced degrees preferred.
  • Prior experience in DevSecOps or Product Security roles.
  • Familiarity with threat intelligence and current security research.

Responsibilities

We are seeking a highly motivated and versatile Software Engineer to join our Product Security DevSecOps team. This critical role focuses on enhancing our security posture by developing and maintaining security tools and infrastructure that support secure software development across our organization. You will be a key contributor to building scalable, innovative solutions aligned with Johnson & Johnson’s mission to improve global health.

You will be responsible for:

  • Design, develop, and deploy security automation tools that support MedTech product teams.
  • Seamlessly integrate security scanning tools (SAST, DAST, SCA, container scanning) into CI/CD pipelines.
  • Build, develop, and maintain product security self-service tooling and applications to streamline security workflows.
  • Serve as a key contributor to creating and maintaining secure, scalable CI/CD pipelines, collaborating with product teams to gather requirements and ensure effective deployment across multiple MedTech products.
  • Configure and optimize security tools within development workflows to enable faster, safer software releases.
  • Partner with business units to assess DevSecOps maturity, providing guidance for security improvements.
  • Develop training materials and documentation to empower teams in implementing security best practices.
  • Act as the technical liaison to facilitate clear communication between Product Security and MedTech product teams.
  • Participate in security architecture reviews, threat modeling, and policy development to uphold standards and best practices.