Principal Exposure Management

Johnson & Johnson


Job Location:

Warsaw - Poland

Monthly Salary: Not Disclosed
Posted on: Yesterday
Vacancies: 1 Vacancy

Job Summary

At Johnson & Johnson we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are our expertise in Innovative Medicine and MedTech we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for more at

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

São José dos Campos, São Paulo, Brazil; Warsaw, Masovian, Poland

Job Description:

Johnson & Johnson is currently recruiting for a Principal Attack Surface Management within the Information Security and Risk Management (ISRM) organization.

This position is based out of Warsaw, Poland or São José dos Campos, Brazil.

As a member of the Attack Surface Management (ASM) team you will lead J&J's Exposure Management: continuously discovering, quantifying and reducing the internal and external attack surface. You will turn findings into prioritized action, lead adversarial validation and collaborate across security and technology teams to deliver measurable risk reduction, driving remediation across on-prem and cloud environments consistently and with measurable impact.

Key Responsibilities:

  • Support Exposure and Attack Surface Management platform configuration, scalability, upgrades, policy enforcement and overall health.

  • Partner with the ASM vendor to coordinate platform issues, upgrades, maintenance, roadmaps and feature requests.

  • Drive detection and prioritization: tune and automate detection rules, enrichment and correlation logic to reduce false positives and accelerate response.

  • Support ingestion and delivery of exposure and incident data into enterprise risk tools to support incident response, containment and post-incident review.

  • Ensure exposure management practices align with CIS, NIST and applicable compliance requirements.

  • Produce actionable reporting and indicators (heat maps, MTTR, exploitable exposure reduction, observability coverage) to guide prioritization and executive decision-making.

  • Plan, authorize and coordinate adversarial exposure programs (pen tests, Red Team, Purple Team), defining scope, rules of engagement, success criteria and approvals.

  • Perform or coordinate authorized exploit validation and proof-of-concept development in isolated labs; operationalize findings into CTEM/ASM workflows to adjust scoring, tune detection and trigger remediation/ticketing.

  • Collaborate multi-functionally with Technology teams, Cloud Security, Application Security, Identity, the Cyber Defense Center and business owners to coordinate fixes and risk acceptance.

Experience and Skills:

Required:

  • 8 years in security engineering, exposure/attack surface management, vulnerability management or similar roles.

  • Hands-on experience with CTEM/ASM platforms and asset discovery tools, and integrating them into enterprise tooling.

  • Strong scripting and automation skills (Python, PowerShell or equivalent) for integrations, enrichment and remediation orchestration via APIs.

  • Demonstrable experience conducting or coordinating authorized exploit validation and PoC testing, and working with Pen Test/Red Team/Purple Team engagements.

  • Solid knowledge of exposure and risk prioritization methodologies, threat intelligence ingestion and exploitability scoring.

  • Demonstrated ability to build remediation playbooks, automate ticketing/workflows and drive multi-functional remediation at scale.

  • Ability to translate technical vulnerabilities into business risk language for executive and business-owner reporting.

  • Proven track record of producing measurable outcomes (reduced exploitable exposures, improved MTTR, increased observability coverage).

Preferred:

  • Certifications: CISSP, GPEN, GWAPT, CRISC, OSCP/OSWE or equivalent; cloud security certs (AWS/Azure/GCP) a plus.

  • Prior experience in large hybrid enterprises or compliance-focused environments adhering to security frameworks such as CIS and NIST.

  • Vendor management experience, including platform evaluation, roadmap alignment and procurement support.

  • Strong data-analytics approach: experience building dashboards and executive-level key risk metrics.

For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit .

Required Skills:

Preferred Skills:

Business Process Design, Crisis Management, Critical Thinking, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Organizing, Presentation Design, Process Optimization, Root Cause Analysis (RCA), Security Architecture Design, Security Policies, Technical Credibility, Vulnerability Management

Required Experience:

Staff IC



About Company


About Johnson & Johnson: At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That's why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world's larges...
