The Product Security and Services team within Johnson & Johnson's Information Security & Risk Management (ISRM) is recruiting for a Lead Penetration Tester responsible for supporting the J&J Enterprise Penetration Testing program. The preferred location for this position is Fort Washington, PA or Raritan, NJ.
The Lead Penetration Tester will join the Johnson & Johnson Product Security and Services team, whose overall mission is to ensure enterprise systems and marketed products of the Johnson & Johnson Family of Companies are built on Cybersecurity best practices and Cybersecurity Risks are properly managed.
The main responsibility of this role is to help ensure software, hardware, and related components supporting systems and products of the J&J Family of Companies are protected from cyber-attacks. In this role, you will be a part of a growing team, and will be contributing to the development of the penetration testing security services and practices for Johnson & Johnson. Your responsibilities will include penetration testing, handling 3rd party partners, identifying and communicating key strategies and goals, partnering with internal organizations on process and policy enhancements, identifying communication plans and raising overall awareness of cybersecurity for platforms and capabilities. This is critical for patient safety and confidence in Johnson & Johnson products and for security of Johnson & Johnson enterprise systems.
Engage in Credo-based decision-making
Conduct penetration tests individually and/or as part of the team and create reports.
Identify and contribute to Pen testing services strategy and goals
Partner with internal organizations to enhance existing processes and policies
Define, create and communicate metrics to management
Partner with external organizations and industry groups to represent Johnson & Johnson
Provide security architecture guidance / review for enterprise systems and products
Assist in investigations of J&J security incidents by providing a technical evaluation / recreation of the compromise
Oversee 3rd party product penetration tests and perform internal product penetration tests as needed
Conduct technical research on new vulnerabilities / exploits / methods and help determine overall risk to J&J assets
Provide periodic training opportunities to Product Security Managers on technical security topics related to attack / defense of products
Evaluate or develop new tools / methods to assist in penetration testing.
A Bachelor's degree or equivalent experience is preferred, preferably in computer science, risk management, security, or a related area.
A minimum of five (5) years of information security applications and systems experience is required
A minimum of three (3) years of experience with programming using at least one of the following: PHP, Perl, Python, Ruby, Bash, including scripting and editing existing code is required
A minimum of three (3) years of experience with mobile (iOS / Android) penetration testing is required
A minimum of three (3) years of experience with web services and API penetration testing is required
CISSP and an industry recognized web application pen testing certification (e.g., OSWE, GWAPT) are required
Working knowledge of pen testing tools including but not limited to Metasploit, Burp Suite, Wireshark, Kali (or other pen testing distro) is required
Knowledge of database management systems such as MySQL, SQL Server, PostgreSQL, and Oracle is preferred
Advanced working knowledge of at least one of the following operating systems: Windows, Linux, macOS is preferred
One or more of the following certifications are desired: CSSLP, CISM, GMOB
Travel percentage: 20% domestic and/or international travel may be required
Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
Primary Location: United States-New Jersey-New Brunswick
Other Locations: North America-United States-Pennsylvania-Fort Washington, North America-United States-New Jersey-Raritan
Organization: Johnson & Johnson Services Inc. (6090)
Job Function: Information Security
Requisition ID: 235#######