IT Lead, Application Security Engineering

Full Time
Raritan, NJ
Areas of Interest: Software Assurance and Security Engineering

Feed your passion.
What type of mark will YOU make?
Johnson & Johnson is currently recruiting for an IT Lead, Application Security Engineering within its Information Security and Risk Management (ISRM) group. This position will be based out of Raritan, NJ.
Johnson & Johnson, through its operating companies, is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. We strive to provide scientifically sound, high quality products and services to help heal, cure disease and improve the quality of life.
Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion. Proud to be an equal opportunity employer.
Johnson & Johnson recognizes that information is a critical business asset and that our ability to manage, control and protect this asset will have a direct and significant impact on our success as a business. As a part of the Application Security Architecture & Engineering team, the IT Lead, Application Security Engineering is responsible for developing, deploying and training target audiences on application security processes and tooling capabilities as part of the J&J Application Security Program. These include, for example, threat modelling, static and dynamic analysis, vulnerability scanning and penetration testing. The role also supports application security SMEs and IT development teams in defining security standards and secure application architecture re-use patterns. The IT Lead also monitors the industry landscape for emerging threats, technologies and capabilities.
  • Develop and publish technical standards, policies and associated training materials and implementation guidance.
  • Design/acquire and implement specific security solutions (e.g., vulnerability scan, code review).
  • Act as expert advisor on projects (e.g., tailored security design required).
  • Stay abreast of new technologies and technology service models (e.g., cloud, containerization, use of frameworks, IoT, DevSecOps, use of AI and machine learning, virtualization/cloud hybrid, etc.) and provide out of the box thinking to assist stakeholders in designing, assessing, and implementing IT internal controls for new technologies, projects, and existing applications.
  • Actively monitor the security scenario (e.g., new vulnerabilities, new threats).
  • Bachelor’s degree or equivalent experience is required. 
  • A minimum of 5 years of experience working in application security is required including hands-on implementation level understanding of the OWASP Top 10 for both web and mobile.
  • Experience of working for at least 3 years as either a software developer or an application penetration tester is required.
  • Experience of working with security techniques and tools including threat modelling, static/dynamic/interactive software analysis tools, software composition analysis tools, source code management tools, continuous integration tools and repository tools is required.
  • Experience analyzing application architecture to identify security gaps and designing solutions is required.
  • Strong knowledge of the application security landscape including trends in process, tooling and threats is required.
  • Demonstrable track record of working within large projects is preferred. 
  • Ability to manage multiple competing priorities is required.
  • Strong knowledge of IT internal control is required.
  • Big Picture/Attention to Detail – ability to align strategic and tactical security aspects is required.
  • Results Orientation/Sense of Urgency – ability to drive to tight timelines is required. 
  • Excellent communication skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally is required.
  • Proven ability to influence/collaborate to get to desired result is required.  
  • Strong leadership skills are required. 

Primary Location:  United States-New Jersey-Raritan
Organization:  Johnson & Johnson Services Inc. (6090)
Job Function:  Information Security
Requisition ID:  7401170407

Johnson & Johnson Family of Companies are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law.

Johnson & Johnson

Caring for the world, one person at a time... inspires and unites the people of Johnson & Johnson. We embrace research and science - bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.

Our Family of Companies comprises:

The world’s premier consumer health company.
The world’s largest and most diverse medical devices company.
The world’s third-largest biologics company.
And the world’s sixth-largest pharmaceuticals company.

We have more than 250 operating companies in 57 countries employing 120,200 people. Our worldwide headquarters is in New Brunswick, New Jersey, USA.

Health Care, Medical Devices & Diagnostics, Pharmaceuticals, Consumer
Company Industry: Hospital & Health Care
Company Type: Public Company
Company Size: 10,001+