MANAGER, PRODUCT SECURITY VULNERABILITY MANAGEMENT

Job description

Johnson and Johnson is currently recruiting for a Manager, Product Security Vulnerability Management within the Johnson & Johnson Technology (JJT) organization.
This role will be based in Raritan, NJ, Irvine, CA or remote US.
At Johnson & Johnson, we believe health is everything.
Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are personal.
Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for humanity.
Learn more at https://www.
nj.
om/.
The Manager, Product Security Vulnerability Management will play a key role in the implementation of the ISRM Product Security Vulnerability Management Process.
This includes supporting identified key strategies and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to MedTech management, supporting communications plans and raising overall awareness of the capability.
Specific responsibilities include supporting MedTech Business Units throughout the post market phase, reviewing product vulnerabilities and recommending security design solutions, and supporting the coordinated vulnerability disclosure process.
Key Responsibilities:
Reporting directly to the Senior Manager, Product Security Risk Management Engineer, this role supports the integration of vulnerability management and provides inputs to initiatives that bolster the cybersecurity resiliency throughout the MedTech business.
Support the integration of ISRM vulnerability management process into Business Unit Quality Management Systems.
Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
Perform cyber defense trend analysis and reporting.
Map event correlation using information gathered from a variety of sources within the enterprise to gain situational awareness and determine the effectiveness of an observed attack.
Participate in security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy using threat modeling.
Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
Collaborate with other ISRM capabilities to ensure risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever high exploit vulnerabilities occur.
Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
Support the creation of plans of action and milestones or remediation plans for vulnerabilities identified during risk assessments.
Contribute to the Coordinated Vulnerability Disclosure process through the generation of vulnerability memos.
Apply ISRM product security policies and standards when performing all duties.
Qualifications
Required:
Bachelor’s degree or equivalent in Computer Science or similar engineering discipline.
Minimum 8+ years relevant experience, or equivalent combination of education/experience.
Must be experienced in Vulnerability Management, including scanning, remediation, stakeholder engagement, system administration and engineering.
Experience with SBOM creation/scanning automation.
Preferred Skills:
Experienced in the following domains: APIs Security, Vulnerability Scan, compliance and threat detection, OWASP Top 10 API Security, Web App Security, AppSec, SAST, DAST, and SCA (Software composition analysis).
Experience or good understanding of the different enterprise components to publish and use APIs (e.g., API Gateways (Apigee), Microservices, Cloud Components, Load Balancers, WAFs).
Experience with API security testing, vulnerability scan and compliance reporting.
Experience with OWASP Top 10 for Web App & APIs.
Experience with Postman Collections, Swagger, OpenAPI, and other common formats for organizing and functionally testing REST APIs.
Excellent analytical, written, and verbal communication skills – capable of explaining complex requirements in simple words.
Any programming or integration experience in the past will be highly beneficial.
Healthcare medical equipment network integration management experience.
Cybersecurity management experience, preferably with medical devices.
Ideally this position would be located in Raritan, NJ or Irvine, CA; however, this position can be located anywhere in the United States and may require up to 10% travel.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer.
All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
The anticipated base pay range for this position is $ to $.
The Company maintains highly competitive, performance-based compensation programs.
Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan.
The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year.
Bonuses are awarded at the Company’s discretion on an individual basis.
Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Employees are eligible for the following time off benefits:
Vacation – up to 120 hours per calendar year
Sick time – up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year
Holiday pay, including Floating Holidays – up to 13 days per calendar year
Work, Personal and Family Time – up to 40 hours per calendar year
Additional information can be found through the link below.
https://www.
areers.
nj.
om/employee-benefits The compensation and benefits information set forth in this posting applies to candidates hired in the United States.
Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.
Job details

Company
  • Unspecified
Location
  • All of Italy
Address
  • Unspecified - Unspecified
Publication date
  • 14/10/2024
Expiry date
  • 12/01/2025