Manager, Product Security DevSecOps

Johnson and Johnson is currently recruiting for a Manager, Product Security DevSecOps within the Johnson & Johnson Technology (JJT) organization.

At Johnson & Johnson, we believe health is everything.

Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated and cured, where treatments are smarter and less invasive and solutions are personal.

Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow and profoundly impact health for humanity.

Learn more at https://www.jnj.com/ .

The Manager, Product Security DevSecOps will be responsible for implementation of J&J's enterprise Product Security tooling for MedTech.

This includes identifying key strategy and goals, collaborating with internal organizations on existing process and policy enhancements, creating and communicating metrics to MedTech management, identifying communications plans and raising overall awareness of the capability.

Specific responsibilities include supporting MedTech business units throughout a new product's development phases, review product security requirements and recommend security design solutions, to ensure automation of security tooling inside of development pipelines.

Key Responsibilities:


* Design solutions to enable global cloud provisioning and migration


* Design and build software tools to enable self-service and no ops capabilities


* Guide teams working with Azure PaaS and Atlassian Services


* Guide team members working with Azure in problem solving and implementation


* Be a subject matter expert on Azure IaaS and PaaS services for the MedTech platform engineering team


* Work with tools such as Git, Azure DevOps, Artifactory, and other similar tooling


* Build and consume REST APIs


* Contribute to dev ops workflows through expert guidance and support for MedTech business unit security automation


* Applies ISRM product security policies and standards when performing all duties


* Anything a team member can do that contributes to enhanced systems reliability and availability is within scope.

Required:


* Bachelor's degree or equivalent work experience required


* 5 years of DevOps experience


* 2 years of DevSecOps Experience


* 2 years of software development experience


* Understanding of DevOps pipeline and CI/CD tools and ability to mentor and teach others complex CI/CD and application concepts


* Working knowledge of Waterfall, Agile, and primarily DevOps development methodologies


* Working knowledge of tools such as Git, Azure DevOps, Artifactory, and other similar tooling


* Experience with Agile methodologies

Preferred:


* Experience with SBOM Automation Tooling


* Familiarity with system and security design principles of medical device back-end software


* In-depth unders...