Product Security Engineer, LCM QA

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and Med Tech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity.

Learn more at

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

R&D Product Development

R&D Software/Systems Engineering

Scientific/Technology

Irvine, California, United States of America

Fueled by innovation at the intersection of biology and technology, we’re developing the next generation of smarter, less invasive, more personalized treatments.

Are you passionate about improving and expanding on the possibilities of vision treatments? Ready to join a team that’s reimagining how vision is improved? Our Vision team solves the toughest health challenges. Help combine cutting‑edge insights, science, technology, and people to encourage eye care professionals and patients to proactively protect, correct and enhance healthy sight for life. Our products and services address these needs – from the pediatric to aging eye – in a patient’s lifetime.

Your unique talents will help patients on their journey to wellness. Learn more at

As a member of the Johnson & Johnson Vision Lifecycle Management and New Product Introduction (NPI) Quality Engineering team, this role is responsible for leading and delivering the vulnerability, assessment, and risk management activities that protect Vision product systems (excluding Contract Lenses and CEH solutions). The position has authority to design, operate, and continuously improve the vulnerability management program; conduct and coordinate vulnerability scans, penetration tests, and risk assessments;

lead remediation prioritization and verify remediation effectiveness; and escalate and communicate risks, findings, and recommended mitigations to appropriate management levels.

• Support the implementation and operation of a comprehensive vulnerability management program for Vision product systems.
• Execute and document vulnerability scans, assist with penetration testing engagements, and perform risk assessments for components in scope.
• Triage findings, reproduce issues, create clear remediation tickets, and track remediation progress with product and engineering teams.
• Recommend remediation approaches and security controls; participate in pilots and tooling integrations to improve detection, tracking, and reporting.
• Validate remediation work and verify fixes for assigned vulnerabilities; elevate unresolved or high‑severity issues to senior product security.
• Participate in cross‑functional meetings to communicate findings, status, and technical guidance; influence engineering decisions through collaboration.
• Contribute to incident response activities for product‑related security events and coordinate with internal teams and external partners as directed.
• Maintain program documentation, runbooks, and reporting dashboards; contribute to continuous improvement of SDLC security gates and CI/CD pipelines.

• BS in Computer Science/Engineering or equivalent experience.
• 0–3 years in software QA, data analysis, test automation, or application security support.
• Basic scripting (Python/Bash/JS); familiarity with Source Code Control (Git) and CI/CD concepts.
• Awareness of OWASP Top Ten and basic SAST/DAST/SCA tooling.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation,…