ISRM Senior Analyst Product Cybersecurity

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at https://www.jnj.com

Job Function:

Job Sub Function:

Job Category:

All Job Posting Locations:

Job Description:

The ISRM Senior Analyst Product Cybersecurity will play a key role in the support of J&J’s enterprise Product Cyber Risk Management Process. This includes crafting and communicating metrics to Medtech management, identifying communications plans and raising overall awareness of the capability. Specific responsibilities include supporting Medtech Business Units throughout the post market phase, review product vulnerabilities and recommend security design solutions, and support the coordinated vulnerability disclosure process.

Job Title - ISRM Senior Analyst Product Cybersecurity

Fully remote working.

Work timings - 8:00 AM to 5:00 PM EST

• Support cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
• Support cyber defense trend analysis and reporting.
• Support security reviews and identify security gaps in security architecture resulting in recommendations for inclusion in the risk mitigation strategy using threat modeling.
• Conduct research, analysis, and correlation across a wide variety of all source data sets (indications and warnings).
• Support risk analysis (e.g., threat, vulnerability, and probability of occurrence) whenever an application or system undergoes a major change.
• Provide input to the Risk Management Framework process activities and related documentation (e.g., system life-cycle support plans, concept of operations, operational procedures, and maintenance training materials).
• Support the creation of plans of action and breakthroughs or remediation plans are in place for vulnerabilities identified during risk assessments
• Applies ISRM product security policies and standards when performing all duties
• Anything a team member can do that contributes to improved systems reliability and availability is within scope.

• Bachelor’s degree or equivalent in Computer Science or similar engineering field
• Minimum 3+ years relevant experience, or equivalent combination of education/experience.
• Must be experienced in Vulnerability Management, including scanning, remediation, stakeholder engagement, system administration and engineering.
• Experience with SBOM creation/scanning automation

• Experienced in the following disciplines: APIs Security, Vulnerability Scan, compliance and threat detection, OWASP Top 10 API Security, Web App Security, AppSec, SAST, DAST, and SCA (Software composition analysis).
• Experience or good understanding of the different enterprise components to publish and use APIs (e.g., API Gateways (Apigee), Microservices, Cloud Components, Load Balancers, WAFs)
• Experience with API security testing, vulnerability scan and compliance reporting.
• Experience with OWASP Top 10 for Web App & APIs.
• Experience with Postman Collections, Swagger, OpenAPI, and other common formats for coordinating and functionally testing REST APIs.
• Excellent analytical, written, and verbal communication skills – capable of explaining sophisticated requirements in simple words.
• Any programming or integration experience in the past will be highly beneficial.
• Healthcare medical equipment network integration management experience.
• Cybersecurity management experience, preferably with medical devices.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.