ISRM Senior Analyst Product Cybersecurity

At Johnson & Johnsonwe believe health is everything. Our strength in healthcare innovation empowers us to build aworld where complex diseases are prevented treated and curedwhere treatments are smarter and less invasive andsolutions are our expertise in Innovative Medicine and MedTech we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

The ISRM Senior Analyst Product Cybersecurity will play a key role in the support of J&Js enterprise Product Cyber Risk Management Process. This includes crafting and communicating metrics to Medtech management identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting Medtech Business Units throughout the post market phase review product vulnerabilities and recommend security design solutions and support the coordinated vulnerability disclosure process.

Job Title - ISRM Senior Analyst Product Cybersecurity

Fully remote working.

Work timings - 8:00 AM to 5:00 PM EST

Key Responsibilities:

• Support cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Support cyber defense trend analysis and reporting.
• Support security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy using threat modeling.
• Conduct research analysis and correlation across a wide variety of all source data sets (indications and warnings).
• Support risk analysis (e.g. threat vulnerability and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation (e.g. system life-cycle support plans concept of operations operational procedures and maintenance training materials).
• Support the creation of plans of action and breakthroughs or remediation plans are in place for vulnerabilities identified during risk assessments
• Applies ISRM product security policies and standards when performing all duties
• Anything a team member can do that contributes to improved systems reliability and availability is within scope.

Qualifications:

• Bachelors degree or equivalent in Computer Science or similar engineering field
• Minimum 3 years relevant experience or equivalent combination of education/experience.
• Must be experienced in Vulnerability Management including scanning remediation stakeholder engagement system administration and engineering.
• Experience with SBOM creation/scanning automation

Preferred Skills:

• Experienced in the following disciplines: APIs Security Vulnerability Scan compliance and threat detection OWASP Top 10 API Security Web App Security AppSec SAST DAST and SCA (Software composition analysis).
• Experience or good understanding of the different enterprise components to publish and use APIs (e.g. API Gateways (Apigee) Microservices Cloud Components Load Balancers WAFs)
• Experience with API security testing vulnerability scan and compliance reporting.
• Experience with OWASP Top 10 for Web App & APIs.
• Experience with Postman Collections Swagger OpenAPI and other common formats for coordinating and functionally testing REST APIs.
• Excellent analytical written and verbal communication skills capable of explaining sophisticated requirements in simple words.
• Any programming or integration experience in the past will be highly beneficial.
• Healthcare medical equipment network integration management experience.
• Cybersecurity management experience preferably with medical devices.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race color religion sex sexual orientation gender identity age national origin or protected veteran status and will not be discriminated against on the basis of disability.