Johnson & Johnson

Senior Cloud Security Engineer

Johnson & Johnson, Denver, Colorado, United States, 80285


Overview

Senior Cloud Security Engineer role at Johnson & Johnson. The position can be based in Raritan, NJ or Danvers, MA. Remote work options may be considered on a case-by-case basis and if approved by the Company. Join a Product Security team focused on security by design for medical device development. This role leads the Product Security process across pre-market and post-market activities, influencing development initiatives, security risk and compliance, and patient safety.

Primary Duties And Responsibilities

- Be at the office in Danvers MA for a minimum of 3 days per week (for candidates within commutable distance to site).
- Partner with engineering teams (cloud, console) to drive adherence to product security policies, processes, and program objectives.
- Create, update, and improve product security processes.
- Act as an SME on cyber security matters and provide guidance to development teams.
- Advocate for proactive inclusion of cyber security input into all phases of the product life cycle, process improvements, and strategic product road map planning.
- Deliver documentation for pre-market product development activities including security plans, threat models, security requirements, SBOM, and risk management documentation.
- Drive and monitor post-market vulnerability management activities, with adherence to strict timelines.
- Perform security risk assessment on Cloud infrastructure and applications.
- Collaborate with the development team to integrate security measures into the CI/CD pipeline and the DevSecOps processes.
- Continuous improvement of Defender Score.
- Support compliance certification activities, such as SOC2, FedRAMP, ISO 27001, etc.
- Identify, research, evaluate, and integrate new compliance requirements, industry standards, and best practices into the product security programs.
- Maintain relationships with Information Sharing and Analysis Organizations.
- Guide teams to balance business needs with medical device security objectives.
- Work across organizational boundaries and with customers, both internal and external.
- Perform other related duties and responsibilities as assigned.

Qualifications

Required:

- Bachelor’s degree
- 5+ years industry experience in Information Security
- Experience working in a Cloud Scrum/Agile Azure DevOps environment
- Familiarity with tools such as Snyk, Veracode, Wiz, JIRA, Confluence
- Experience with Docker and Kubernetes
- Working knowledge of regulatory standards and compliance frameworks (e.g., NIST Cybersecurity Framework, ISO27001, SOC2, HIPAA, GDPR)
- Experience with security risk management techniques
- Strong organizational skills and ability to manage multiple assignments with deadlines
- Sense of urgency and adaptability to new challenges
- Strong communication and interpersonal skills

Preferred:

- Experience in an FDA-regulated environment

Compensation and Benefits

The anticipated base pay range for this position is $100,000 - $172,500. The company maintains competitive, performance-based compensation programs. The position is eligible for an annual performance bonus and various benefits including medical, dental, vision, life insurance, disability coverage, retirement plans, and paid time off. Details vary by location.

Johnson & Johnson is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, disability, protected veteran status or other characteristics protected by federal, state or local law. We actively seek qualified candidates who are protected veterans and individuals with disabilities as defined under VEVRAA and Section 503 of the Rehabilitation Act. If you are an individual with a disability and would like to request an accommodation, please email ra-employeehealthsup@its.jnj.com or contact AskGS to be directed to your accommodation resource.
