Manager, Product Security Vulnerability Management

$99,000 - $170,200/Yr

Johnson & Johnson - Providence, RI

posted 24 days ago

Full-time - Manager

Remote - Providence, RI

Chemical Manufacturing

About the position

The Manager, Product Security Vulnerability Management at Johnson & Johnson will oversee the implementation of the ISRM Product Security Vulnerability Management Process. This role is crucial for enhancing cybersecurity resilience within the MedTech business by collaborating with various internal organizations, supporting product vulnerability assessments, and ensuring effective communication of security metrics and strategies.

Responsibilities

Support the integration of ISRM vulnerability management process into Business Unit Quality Management Systems.
Ensure cybersecurity-enabled products or other compensating security control technologies reduce identified risk to an acceptable level.
Perform cyber defense trend analysis and reporting.
Map event correlation using information gathered from various sources to gain situational awareness and assess attack effectiveness.
Participate in security reviews and identify security gaps in architecture, recommending risk mitigation strategies using threat modeling.
Conduct research, analysis, and correlation across diverse data sets for indications and warnings.
Collaborate with ISRM capabilities to ensure comprehensive risk analysis during high exploit vulnerabilities.
Provide input to Risk Management Framework process activities and related documentation.
Support the creation of remediation plans for vulnerabilities identified during risk assessments.
Contribute to the Coordinated Vulnerability Disclosure process through the generation of vulnerability memos.

Requirements

Bachelor's degree or equivalent in Computer Science or similar engineering discipline.
Minimum 8 years relevant experience, or equivalent combination of education/experience.
Experience in Vulnerability Management, including scanning, remediation, stakeholder engagement, system administration, and engineering.
Experience with SBOM creation/scanning automation.

Nice-to-haves

Experience in APIs Security, Vulnerability Scan, compliance and threat detection, OWASP Top 10 API Security, Web App Security, AppSec, SAST, DAST, and SCA.
Understanding of enterprise components for publishing and using APIs (e.g., API Gateways, Microservices, Cloud Components).
Experience with API security testing, vulnerability scanning, and compliance reporting.
Familiarity with Postman Collections, Swagger, OpenAPI, and other formats for testing REST APIs.
Healthcare medical equipment network integration management experience.
Cybersecurity management experience, preferably with medical devices.

Benefits

Medical insurance
Dental insurance
Vision insurance
Life insurance
Short- and long-term disability insurance
Business accident insurance
Group legal insurance
401(k) retirement plan
Vacation time (up to 120 hours per year)
Sick time (up to 40 hours per year)
Holiday pay (up to 13 days per year)
Floating Holidays
Work, Personal and Family Time (up to 40 hours per year)

Manager, Product Security Vulnerability Management

About the position

Responsibilities

Requirements

Nice-to-haves

Benefits

Tools

Career Hubs

Guides

Company