Johnson & Johnson
Principal Product Security Cloud Engineer
About Johnson & Johnson
Johnson & Johnson is a multinational healthcare company founded in 1886 in New Brunswick, New Jersey. It specializes in pharmaceuticals, medical devices, and consumer health products. The company began by producing sterile surgical supplies and has since grown into one of the largest and most diversified healthcare organizations globally. Johnson & Johnson operates primarily in two business areas: Innovative Medicine and MedTech. Its notable products include Tylenol for pain relief, a range of infant care products, and surgical supplies like antiseptic sutures. The company has a strong global presence, with over 260 subsidiaries and more than 130,000 employees worldwide. Johnson & Johnson remains committed to developing innovative healthcare solutions to enhance human health and well-being.
Security at Johnson & Johnson
Compiled from public job postings, careers pages, and company materials. Data may not reflect current state — verify during interviews.
Security Philosophy
“Johnson & Johnson's AppSec philosophy centers on the safety of products and patients, stating that 'nothing is more important than the security and safety of our products and the patients they serve.' The team prioritizes developer enablement through automation rather than manual gatekeeping, with a stated goal to 'introduce delivery automation processes' and 'drive scaled Agile security delivery.' Their risk philosophy includes a commitment to external researchers, promising to 'reply to the emailed report within (3) business days' to confirm receipt of vulnerability submissions.”
Security Team
The Application Security team at Johnson & Johnson operates within the 'Function Technology Enterprise Strategy & Security' department. The team is led by Gary Harbison, the Global Chief Information Security Officer, who is described as a 'proven security leader with over 19 years of experience.' While the exact team size is not publicly available, the company is actively hiring, with at least two current openings for an App Security Manager and a Principal Product Security Cloud Engineer. Recruitment patterns emphasize skills in delivery automation and scaled Agile security delivery.
Key Initiatives
Current initiatives at Johnson & Johnson focus on automating the secure SDLC and scaling security within Agile frameworks. The team is working to 'introduce delivery automation processes' across testing and release. Vulnerability management is handled through a Coordinated Vulnerability Disclosure program that covers infrastructure, websites, APIs, and applications, with a commitment to acknowledge reports within 3 to 10 business days. There is currently no public evidence of a formal Security Champions program. Recent efforts, as indicated by job postings from April 2026, emphasize 'scaled Agile security delivery.'