Johnson and Johnson is currently recruiting for a Manager, Product Security DevSecOps within the Johnson & Johnson Technology (JJT) organization.
At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for humanity. Learn more at https://www.jnj.com/.
The Manager, Product Security DevSecOps will be responsible for implementation of J&J’s enterprise Product Security tooling for MedTech. This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to MedTech management, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting MedTech business units throughout a new product’s development phases, reviewing product security requirements, and recommending security design solutions to ensure automation of security tooling inside of development pipelines.
Key Responsibilities:
Design solutions to enable global cloud provisioning and migration
Design and build software tools to enable self-service and no ops capabilities
Guide teams working with Azure PaaS and Atlassian Services
Guide team members working with Azure in problem solving and implementation
Be a subject matter expert on Azure IaaS and PaaS services for the MedTech platform engineering team
Work with tools such as Git, Azure DevOps, Artifactory, and other similar tooling
Build and consume REST APIs
Contribute to dev ops workflows through expert guidance and support for MedTech business unit security automation
Applies ISRM product security policies and standards when performing all duties
Anything a team member can do that contributes to enhanced systems reliability and availability is within scope.
Required:
Bachelor’s degree or equivalent work experience required
5 years of DevOps experience
2 years of DevSecOps Experience
2 years of software development experience
Understanding of DevOps pipeline and CI/CD tools and ability to mentor and teach others complex CI/CD and application concepts
Working knowledge of Waterfall, Agile, and primarily DevOps development methodologies
Working knowledge of tools such as Git, Azure DevOps, Artifactory, and other similar tooling
Experience with Agile methodologies
Preferred:
Experience with SBOM Automation Tooling
Familiarity with system and security design principles of medical device back-end software
In-depth understanding of cloud security principles and hands-on experience with cloud platforms such as AWS, Azure, or Google Cloud
Demonstrated mastery in IaC tools and technologies with a deep understanding of IaC principles and best practices
Strong understanding and experience with RESTful APIs
Advanced knowledge of one or more scripting languages, such as Python, Bash, or PowerShell
Experience with one or more programming languages, such as Type/JavaScript, Java, or PHP or Python
Proficiency in using SIEM for monitoring and analyzing security events
Extensive experience and expertise in leveraging tools for automating security processes within the development pipeline
Understanding of Quality Design Control processes and FDA submission processes.
Experience with web applications and server hardening (i.e. AWS, Azure) including knowledge of OWASP Top 10 and blue teaming techniques
Other:
Proficiency in English
Limited travel is required, up to 10%, including international travel.
The anticipated base pay range for this position in the United States is $100,000 to $172,500. California Bay Area - The anticipated base pay range for this position is $114,000 to $197,800.
The Company maintains highly competitive, performance-based compensation programs. Under current guidelines, this position is eligible for an annual performance bonus in accordance with the terms of the applicable plan. The annual performance bonus is a cash bonus intended to provide an incentive to achieve annual targeted results by rewarding for individual and the corporation’s performance over a calendar/performance year. Bonuses are awarded at the Company’s discretion on an individual basis.
Employees and/or eligible dependents may be eligible to participate in the following Company sponsored employee benefit programs: medical, dental, vision, life insurance, short- and long-term disability, business accident insurance, and group legal insurance.
Employees may be eligible to participate in the Company’s consolidated retirement plan (pension) and savings plan (401(k)).
Employees are eligible for the following time off benefits:
Vacation – up to 120 hours per calendar year
Sick time - up to 40 hours per calendar year; for employees who reside in the State of Washington – up to 56 hours per calendar year
Holiday pay, including Floating Holidays – up to 13 days per calendar year
Work, Personal and Family Time - up to 40 hours per calendar year
Additional information can be found through the link below.
https://www.careers.jnj.com/employee-benefits
The compensation and benefits information set forth in this posting applies to candidates hired in the United States. Candidates hired outside the United States will be eligible for compensation and benefits in accordance with their local market.