Lead Penetration Tester

  • Fort Washington, PA


Salary: $150,470.00 - $150,470.00 /year *

Employment Type: Full-Time


: Information Technology


The Product Security and Services team within Johnson & Johnson's Information Security & Risk Management (ISRM) is recruiting for a Lead Penetration Tester responsible for supporting the J&J Enterprise Penetration Testing program. The preferred location for this position is Fort Washington, PA or Raritan, NJ.

The Lead Penetration Tester will join the Johnson & Johnson Product Security and Services team, whose overall mission is to ensure enterprise systems and marketed products of the Johnson & Johnson Family of Companies are built on cybersecurity best practices and that cybersecurity risks are properly managed.

The main responsibility of this role is to help ensure software, hardware, and related components supporting systems and products of the J&J Family of Companies are protected from cyber-attacks. In this role, you will be a part of a growing team, and will be contributing to the development of the penetration testing security services and practices for Johnson & Johnson. Your responsibilities will include penetration testing, handling 3rd party partners, identifying and communicating key strategies and goals, partnering with internal organizations on process and policy enhancements, identifying communication plans and raising overall awareness of cybersecurity for platforms and capabilities. This is critical for patient safety and confidence in Johnson & Johnson products and for security of Johnson & Johnson enterprise systems.

Key Responsibilities:
  • Engages in Credo-based decision-making
  • Conduct penetration tests individually and/or as part of the team and create reports.
  • Identify and contribute to Pen testing services strategy and goals
  • Partner with internal organizations to enhance existing processes and policies
  • Define, create and communicate metrics to management
  • Partner with external organizations and industry groups to represent Johnson & Johnson
  • Provide security architecture guidance / review for enterprise systems and products
  • Assist in investigations of J&J security incidents by providing a technical evaluation / recreation of the compromise
  • Oversee 3rd party product penetration tests and perform internal product penetration tests as needed
  • Conduct technical research on new vulnerabilities / exploits / methods and help determine overall risk to J&J assets
  • Provide periodic training opportunities to Product Security Managers on technical security topics related to attack / defense of products
  • Evaluate or develop new tools / methods to assist in penetration testing.

  • A Bachelor's degree is preferred or equivalent experience preferably in computer science, risk management, security, or a related area.
  • A minimum of five (5) years of information security applications and systems experience is required
  • A minimum of three (3) years of experience with programming using at least one of the following: PHP, Perl, Python, Ruby, Bash, including scripting and editing existing code is required
  • A minimum of three (3) years of experience with mobile (iOS / Android) penetration testing is required
  • A minimum of three (3) years of experience with web services and API penetration testing is required
  • CISSP and an industry recognized web application pen testing certification (ex. OSWE, GWAPT) are required
  • Working knowledge of pen testing tools including but not limited to Metasploit, Burp Suite, Wireshark, Kali (or other pen testing distro) is required
  • Knowledge of database management systems such as MySQL, SQL Server, PostgreSQL, and Oracle is preferred
  • Advanced working knowledge of at least one of the following operating systems: Windows, Linux, macOS is preferred
  • One or more of the following certifications are desired: CSSLP, CISM, GMOB
  • Travel percentage 20% domestic and/or international travel may be required

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Primary Location
United States-New Jersey-New Brunswick-
Other Locations
North America-United States-Pennsylvania-Fort Washington, North America-United States-New Jersey-Raritan
Johnson & Johnson Services Inc. (6090)
Job Function
Information Security
Requisition ID


* The salary listed in the header is an estimate based on salary data for similar jobs in the same area. Salary or compensation data found in the job description is accurate.
