Johnson & Johnson Careers

Manager Pen Testing Services

Raritan, New Jersey; Fort Washington, Pennsylvania
Information Security

Job Description

Requisition ID: 5899190531

The Product Security team within Johnson & Johnson’s Information Security & Risk Management (ISRM) is recruiting a Pen Testing Services Manager to support the product security program, which covers pre- and post-market management of the digital and connected systems and products, and their ecosystems, developed and manufactured by the Johnson & Johnson Family of Companies globally. The preferred locations for this position are Raritan, NJ or Fort Washington, PA.

Caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science, bringing innovative ideas, products, and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.

The Pen Testing Services Manager will join the Johnson & Johnson Product Security team, whose overall mission is to ensure that systems and products of the Johnson & Johnson Family of Companies are built on cybersecurity best practices and that cybersecurity risks in marketed products are properly managed to support our customers’ safety and security.

The main responsibility of this role is to help ensure that the software, hardware, and related components supporting systems and products of the J&J Family of Companies are protected from cyber-attacks. In this role, you will be part of a growing team and will lead the development of penetration testing security services and practices for Johnson & Johnson. Your responsibilities will include leading pen testing teams, managing third-party partners, identifying and managing key strategies and goals, partnering with internal organizations on process and policy enhancements, defining communications plans, and raising overall awareness of the cybersecurity of platforms and capabilities. This is essential for patient safety, for confidence in Johnson & Johnson products, and for the security of Johnson & Johnson enterprise systems.

  • Engage in Credo-based decision-making
  • Identify and drive Pen testing services strategy and goals
  • Partner with internal organizations to enhance existing processes and policies
  • Define, create, and present metrics to senior management
  • Partner with external organizations and industry groups to represent Johnson & Johnson
  • Provide security architecture guidance / review for new product development or product updates
  • Assist in investigations of J&J product security incidents by providing a technical evaluation / recreation of the compromise
  • Oversee third-party product penetration tests and perform internal product penetration tests as needed
  • Conduct technical research on new vulnerabilities / exploits / methods and help determine overall risk to products
  • Provide periodic training opportunities to Product Security Managers on technical security topics related to attack / defense of products
  • Evaluate or develop new tools / methods to assist in product penetration testing
  • Conduct penetration tests individually and/or as part of the team and create reports

Qualifications

  • An understanding of Software as a Medical Device (SaMD), embedded system security, and application security mechanisms such as authentication and authorization techniques, data validation, and the proper use of encryption is required
  • An understanding of, and the ability to recognize, various types of application, infrastructure, and protocol security vulnerabilities is required
  • Working knowledge of pen testing tools, including but not limited to Metasploit, NetworkMiner, and Burp Suite
  • Knowledge of the OWASP Top 10, CVSS, and CVE is required
  • Experience with bug bounty program management is desired
  • Proven analytical and problem-solving skills, as well as the desire to assist others in solving issues, are required
  • Must be a highly effective internal and external communicator with exceptional oral, written, and presentation skills
  • Willingness and ability to learn in a dynamic environment is required
  • A real passion for, and knowledge of, leading and new technologies is required
  • Must be highly motivated, willing to take ownership and responsibility, and able to work alone or as part of a team
  • A Bachelor’s degree, preferably in computer science, risk management, security, or a related area, or equivalent relevant experience is preferred
  • A minimum of 8 years of relevant experience is required
  • A minimum of 3 years of Product Security experience is required
  • CISSP and GPEN are required
  • One or more of the following certifications is desired: CSSLP, HCISPP, GAWN, GICSP, CISM
  • This position may sit in Raritan, NJ or Fort Washington, PA and will require up to 20% travel

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.


Primary Location
United States-New Jersey-Raritan
Other Locations
North America-United States-Pennsylvania-Fort Washington
Johnson & Johnson Services Inc. (6090)
Job Function
Information Security