Johnson & Johnson Medical Device Companies is recruiting for a Cloud Security Administrator/Engineer located in Somerville, NJ.
Johnson & Johnson Medical Device Companies produce a broad range of innovative products and solutions used primarily by health care professionals in the fields of general surgery, orthopedics, neurological disease, infection prevention, cardiovascular disease, and aesthetics. As the most comprehensive devices business in the world, J&J Medical Devices is the best suited to serve evolving customer needs, train more surgeons to improve standards of care, and treat more patients globally as access expands.
The Cloud Security Administrator/Engineer for our Digital Surgery group will have strong technical knowledge of security practices of key public cloud offerings such as Microsoft Azure and Amazon Web Services to build and administer cloud infrastructure platform as a Product within digital ecosystem for medical devices.
• Perform Cloud Security Assessments of Cloud platforms/environments using industry standard frameworks.
• Establish secure design patterns ensuring security and compliance of the cloud environment.
• Implement industry leading practices around cyber risks and cloud security.
• Implement the HITRUST, HIPAA, GDPR and CCPA regulation requirements.
• Design and Develop Cloud-specific security policies, standards and procedures e.g. Identity and Access Management (SSO, SAML), and Privilege Access Management (PAM), Firewall management, SSL/IPSec, Encryption Key Management (BYOK), Security incident and event management (SIEM), Data protection (DLP, encryption), Vulnerability Management in partnership with Infrastructure Services, and Application Development.
• Develop Security automation and APIs in the Public Cloud across the key pillars of security namely IAM, CICD Security, Security Logging, Incident Response, Data Protection, Compliance Validation. Security Analytics, Vulnerability Management, Platform and Application Threat Modeling etc.
• Orchestrate & Automate security control (guardrails) in Azure and AWS compute &/or Container services.
• Follows automate-first automate-everything philosophy with use of technologies like Terraform.
• Focus on Platform Governance & Security and automating operational tasks wherever possible.
Minimum of a bachelor’s degree in IT or related engineering field is required. A master’s degree in IT or related Engineering field is preferred.
Experience and Skills:
• Minimum of 5- 7 years of experience in infrastructure security discipline covering, data, systems and public cloud environments
• Minimum of 5 - 7 years of Security Architecture and/or Engineering experience and cloud security administration
• Proven experience with assessment, development, implementation, optimization, and documentation of a comprehensive and broad set of security technologies and processes (secure software development (Application Security), data protection, cryptography, key management, identity and access management (IAM) and network security
• Experience with perimeter security and firewall technologies on Azure and AWS
• Experience with Container technologies (Docker, Kubernetes)
• Experience executing in an Agile software development methodology
• Experience with addressing HITRUST, HIPAA, GDPR and CCPA regulation requirements
• Experience with Vulnerability Management and Privilege Account management
• Experience with Infrastructure as Code Automation (Terraform)
• Experience with deployment orchestration, automation, and security configuration management
• Experience performing threat modeling and design reviews to assess security implications and requirements for introduction of new technologies.
• Microsoft Azure and/or AWS certification
• DevOps experience
This position may require up to 10% travel, domestic and international.
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
United States-New Jersey-Somerville-
Johnson & Johnson Services Inc. (6090)