Johnson & Johnson Careers

Manager, Application Security Governance

New Brunswick, New Jersey; Providence, Rhode Island; Raritan, New Jersey; Tampa, Florida; New Jersey, United States
Information Security

Job Description

Requisition ID: 5929180705

Johnson & Johnson is currently recruiting for a Manager, Application Security Governance. The primary preferred location for this role is Providence, Rhode Island with alternate locations being in Raritan, New Jersey or Tampa, Florida.


Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.


With $76.5 billion in 2017 sales, Johnson & Johnson is the world's most comprehensive and broadly-based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. There are more than 265 Johnson & Johnson operating companies employing approximately 126,500 people and with products touching the lives of over a billion people every day, throughout the world. If you have the talent and desire to touch the world, Johnson & Johnson has the career opportunities to help make it happen.


Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion. Proud to be an equal opportunity employer.


As a part of the Application Security Governance team, the Manager Application Security and Governance is responsible for:

  • Defining and deploying J&J enterprise application security processes and tooling capabilities as part of the J&J Application Security Program. These include, for example, threat modelling, static and dynamic analysis, open source component management, and integration with the DevOps toolset and workflow.
  • Supporting application security SMEs and IT development teams in defining security standards and secure application architecture re-use patterns across diverse architectures including internal and external private cloud, SaaS/PaaS, API frameworks, ‘big data’/in-memory and machine learning technologies.
  • Providing security education and awareness to JJT Technical Services (TS) NA development team personnel through ongoing engagement and collaboration.
  • Monitoring the industry landscape for emerging threats, technologies and capabilities.

Major Duties & Responsibilities

Approximate Percentage of Time - Tasks/Duties/Responsibilities

  • 20% - Develop technical standards and associated training materials and implementation guidance.
  • 20% - Support identification and implementation of application security tools (e.g., scanning, code review, etc.).
  • 30% - Engage with NA Technical Services Development personnel to provide ongoing education and awareness, and act as a security SME and advisor for the development team personnel.
  • 20% - Stay abreast of new technologies and technology service models for the application security space and provide out-of-the-box thinking to assist stakeholders in designing, assessing, and implementing IT internal controls for new technologies, projects, and existing applications.
  • 10% - Actively monitor new threats and vulnerabilities, advising development teams and other relevant personnel on appropriate actions to address them.

  • A Bachelor’s degree, or equivalent experience, is preferred.
  • A minimum of 5 years of experience working in application security is required.
  • Hands-on implementation level understanding of the OWASP Top 10 for both web and mobile is preferred. 
  • Experience of working for at least 3 years as either a software developer or an application penetration tester is required.
  • Experience of working with security techniques and tools including threat modelling, static/dynamic/interactive software analysis tools, software composition analysis tools, source code management tools, continuous integration tools and repository tools is preferred.
  • Experience analyzing application architecture to identify security gaps and designing solutions is preferred.
  • Knowledge of the application security landscape including trends in process, tooling and threats is required.
  • Demonstrable track record of working within large projects and managing multiple competing priorities.
  • Strong knowledge of IT internal controls.
  • Big Picture/Attention to Detail – align strategic and tactical security aspects.
  • Results Orientation/Sense of Urgency – ability to drive to tight timelines.
  • Excellent interpersonal skills.
  • Creative problem-solving skills.
  • Customer focus (internal & external).
  • Excellent communication skills, able to network, interface and influence at all levels of the organization, cross sector, cross-functionally and globally.
  • Proven ability to influence/collaborate to get to desired result. 
  • Strong leadership skills.
  • Up to 20% domestic and international travel is required.  

Primary Location
United States-New Jersey-New Brunswick
Other Locations
North America-United States-New Jersey, North America-United States-Rhode Island-Providence, North America-United States-Florida-Tampa, North America-United States-New Jersey-Raritan
Johnson & Johnson Services Inc. (6090)
Job Function
Information Security