Johnson & Johnson logo

Lead Product Security Architect

Johnson & Johnson
June 25, 2026
Remote friendly (Santa Clara, CA)
United States
IT
Lead Product Security Architect (Santa Clara, CA)

Purpose
- Own the cybersecurity architecture, system-level view, and technical implementation of the OTTAVA surgical robot, with potential to impact millions of patients and expand the capabilities of physicians globally.
- This role is not focused on enterprise IT or cloud security operations.

You will be responsible for
- Own end-to-end cybersecurity architecture for the OTTAVA product (FDA-regulated), maintaining a system-level view and ensuring security-by-design from firmware/embedded software to external interfaces.
- Serve as the singular R&D voice on security; align approaches with internal stakeholders (quality, information security, regulatory) and external stakeholders (FDA).
- Act as technical authority for cybersecurity decisions and tradeoffs.
- Design and oversee implementation of technical cybersecurity controls (primarily software and network infrastructure).
- Lead R&D cyber reviews and documentation (threat modeling, risk assessment) with internal collaborators.
- Translate security risks into patient safety, regulatory, and business impact for non-security stakeholders.
- Use a risk-based approach across cybersecurity needs, patient safety, regulatory expectations, and quality system requirements.

Required
- 10+ years in software development or systems engineering focused on device security.
- 5+ years hands-on technical leadership in cybersecurity.
- Regulatory guidance experience (preferably FDA) for cybersecurity implementation/documentation, pre- and post-market surveillance, and risk assessment.
- Proficiency in software development for complex safety-critical products (medical device or other highly regulated industries).
- Proven leadership designing system-level security architecture for embedded devices.
- Ability to influence in a matrix environment.
- Strong communication and collaboration skills.
- Travel up to 10% (international and domestic).

Preferred
- Hands-on experience with FDA Class II or III medical devices; IEC 62304.
- Post-market vulnerability monitoring, FDA audits, cloud certifications (e.g., SOC2).
- Understanding of robotic technology/robotic surgery paradigms; global development team.
- Experience supporting or launching medical device products.

Benefits (time off)
- Vacation: 120 hours/year; Sick time: 40 hours/year (Colorado 48; Washington 56); Holiday pay (floating holidays): 13 days/year; Work/personal/family time: up to 40 hours/year; Parental leave: 480 hours; Bereavement leave: 240 hours (immediate) and 40 hours (extended); Caregiver leave: 80 hours/52 weeks; Volunteer leave: 32 hours; Military spouse time-off: 80 hours.
- For additional general information on Company benefits, please go to: https://www.careers.jnj.com/employee-benefits