Associate Analyst, Enterprise Threat and Vulnerability Management Job

Company Name:
Johnson & Johnson Services Inc. (6090)
Raritan, NJ, US
Associate Analyst, Enterprise Threat and Vulnerability Management
Johnson & Johnson is actively recruiting for an Associate Analyst, Enterprise Threat and Vulnerability Management. This position will be based in Raritan, NJ.
Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 125 years. We embrace research and science -- bringing innovative ideas, products and services to advance the health and well-being of people. Employees of the Johnson & Johnson Family of Companies work with partners in health care to touch the lives of over a billion people every day, throughout the world.
With $71.3 billion in 2013 sales, Johnson & Johnson is the world's most comprehensive and broadly based manufacturer of health care products, as well as a provider of related services, for the consumer, pharmaceutical, and medical devices and diagnostics markets. The more than 250 Johnson & Johnson operating companies employ approximately 127,000 people in 60 countries throughout the world.
Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to inclusion. Proud to be an equal opportunity employer.
Johnson & Johnson recognizes that information is a critical business asset and that our ability to manage, control and protect this asset will have a direct and significant impact on our success as a business. To meet this business imperative, Johnson & Johnson information assets, as well as the systems/applications used to store and transmit them, must be appropriately protected at all times. At the core, the approach to information security within Johnson & Johnson is to identify and put a value on information assets, identify vulnerabilities in information systems/applications and the threats to those systems, assess the degree of protective measures required and implement appropriate protective solutions.
The Associate Analyst, Enterprise Threat and Vulnerability Management is responsible for monitoring and responding to all threat and vulnerability information that could impact Johnson & Johnson's IT infrastructure/applications.
Assist in the implementation and management of the cloud-based vulnerability management tool, QualysGuard, across Johnson & Johnson globally. Provide L2 support of QualysGuard in both web application and infrastructure domains. Coordinate and collaborate with business units and IT leadership to provide vulnerability scanning, threat assessments and remediation steps. Analyze, assess, and report data from scans to management in an effort to measure J&J's ability to address new and existing threats and vulnerabilities. Analyze threat intelligence, implement and utilize various security tools to respond to security threats, and report information about new threats and vulnerabilities to appropriate parties. Report performance goal results to management. Assist with security events/incidents, supporting incident response activities with Global Security Operations Center, SOC L2, Operations, and others as appropriate. Maintain knowledge of applicable Security Operations policies, regulations, and compliance documents specifically related to security. Continue to stay up-to-date on current security threats by monitoring intelligence feeds. Identify emerging threats that could have an adverse impact on the goals or operations of the enterprise. Create enterprise security documents (guidelines and procedures) pertaining to the operational management of the security monitoring infrastructure across multiple systems and applications within the controlled environment. Assist in the analysis of potential changes and new approaches to security, in consideration of costs, performance issues, risks, and business needs.
Associate Degree required. Bachelor's Degree preferred. Minimum of 1 year of experience in the information management, information technology, and/or information security fields with a proven track record of accomplishment is required. Strong technical background and experience in technical risk assessments and security exposure analyses of systems, networks and business applications is preferred. Experience with vulnerability management tools, QualysGuard preferred. Certifications such as the CompTIA Security+ or SANS GIAC certifications are highly preferred. Understanding of the J&J enterprise and a detailed understanding of the J&J Information Asset Protection Policies is preferred. Ability to apply policies to the J&J IT infrastructure and operating company information security requirements required. Must be willing and able to assist with the strategic information security direction for J&J and present to management, recommend new policy requirements and recommend program management decisions on relevant information security programs preferred. Report on status of information security and recommend changes to improve overall information security posture preferred. Make independent and binding determinations of whether requirements are being met by Global Operations required. Identify and evaluate appropriate external service providers, recommend the establishment or revision of information security policies based on new technology or benchmarking input preferred. Ensure that information security programs are meeting stated objectives preferred.
Primary Location:
North America-United States-New Jersey-Raritan
Job Function:
Info Technology
Certain sites within the Johnson & Johnson Family of Companies participate in E-Verify as appropriate in accordance with Company guidelines and federal or state law.
Johnson and Johnson Family of Companies are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, national origin, protected veteran status, or disability status, or any other characteristic protected by law.

Don't Be Fooled

The fraudster will send a check to the victim who has accepted a job. The check can be for multiple reasons such as signing bonus, supplies, etc. The victim will be instructed to deposit the check and use the money for any of these reasons and then instructed to send the remaining funds to the fraudster. The check will bounce and the victim is left responsible.