Principal Attack Surface Management

Johnson & Johnson

Job Location:

Warsaw - Poland

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

São Paulo, Brazil; Warsaw, Masovian, Poland

Job Description:

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at

Role Objective:

Senior ASM vulnerability management specialist (7 years) responsible for identifying, prioritizing, and remediating vulnerabilities across web apps and infrastructure in on-prem and cloud environments. Authority in designing, configuring, and maintaining scanning controls and programs. Leads exploitation simulations, exposure management, and meticulous analysis to drive risk reduction across a global enterprise. Collaborates with security operations and development teams; accelerates detection and remediation through automation; strengthens security posture and regulatory compliance.

Responsibilities

  • Define and implement secure baseline configurations aligned with CIS Benchmarks across OS, apps, and cloud resources.

  • Develop remediation playbooks and policy-as-code to ensure consistent secure configurations.

  • Conduct regular vulnerability assessments (Windows, Linux, network devices); map findings to controls and business risk; drive prioritized actions.

  • Lead remediation planning; track progress in ITSM systems; deliver executive-ready compliance reports.

  • Oversee onboarding, maintenance, and support of vulnerability assessment controls and other tools used by the ASM team.

  • Maintain continuous compliance monitoring and gap analysis for audit readiness.

  • Plan, coordinate, and implement targeted testing (web apps, APIs, infrastructure, cloud) using automated tools and skilled manual testing.

  • Validate findings with evidence; collaborate with engineering to verify remediation effectiveness; re-test as needed.

  • Integrate vulnerability findings into SIEM, ITSM, CMDB, and DevSecOps tooling; automate ticketing and remediation workflows.

  • Leverage threat intel and threat modeling to prioritize tests and remediation efforts.

  • Coordinate platform support and cloud security posture management (AWS/Azure) to scale and strengthen security posture.

  • Create clear, concise documentation to support colleagues and stakeholders.

Qualifications

  • 7 years in vulnerability management/secure configurations; relevant certifications (e.g. CISSP, GIAC, OSCP) preferred.

  • Solid experience with CIS Benchmarks, cloud security tooling, SIEM/ITSM integrations, and threat modeling.

  • Excellent stakeholder communication and executive reporting skills.

Nice-to-haves

  • Experience with regulatory frameworks (NIST CSF, 800-53, ISO 27001, PCI-DSS, HIPAA).

  • Prior experience conducting controlled exploitation simulations or red-team/blue-team exercises.

Johnson & Johnson Family of Companies are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Required Skills:

Preferred Skills:

Business Process Design, Crisis Management, Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Organizing, Presentation Design, Process Optimization, Root Cause Analysis (RCA), Security Architecture Design, Security Policies, Technical Credibility, Vulnerability Management

Required Experience:

Staff IC

Key Skills

  • Business Development
  • Classroom Experience
  • Dayforce
  • Go
  • Cloud Computing
  • AWS
  • Teaching
  • Administrative Experience
  • Leadership Experience
  • negotiation
  • SAS
  • Data Analysis Skills

About Company

At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s larges ...