Job Description - Lead Engineer OT Cyber Security Engineering (2406210464W)DescriptionLead, Operational Technology Cybersecurity EngineeringJohnson & Johnson is currently recruiting for a Senior Engineer Operational Technology Cyber Security within the Information Security and Risk Management (ISRM) organization.This position is based out Warsaw, Poland.Caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for over 135 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities, and forward progress. That is why for more than 135 years, we have aimed to keep people well at every age and every stage of life. Today, as the world's largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body, and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science, and ingenuity to profoundly change the trajectory of health for humanity.Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion, J&J is proud to be an equal opportunity employer.As a member of the Operational Technology Cybersecurity Engineering team, you will be supporting one or more of the global OT Security platforms, solutions, and services. Leading, developing, engineering, deploying, supporting, integrating, demonstrating, training, and tuning activities related to J&J's OT Security platforms, collaborating with Vulnerability Management, Security Monitoring, IT Network, and OT teams.This position will also partner with internal ISRM teams such as the Supply Chain security, Cyber Security Operations Center (CSOC), and other groups under the J&J Technology umbrella, including but not limited to End User, Server, and Network support.Key Responsibilities:Lead one or more global technologies in our OT Security Engineering team which offers global defense in depth security capabilities for IT/OT networks, controls, infrastructure, systems, and applications.Drive integrations and automation between different IT/OT technologies.Support OT Cybersecurity workflows, to assess risk, increase visibility and reduce impact of vulnerabilities across the OT environment.Test and validate security controls throughout the different phases of the Cyber Kill Chain, and the MITRE ATT&CK framework to prevent, detect, and respond.Generate innovative threat behavior analytics for discovering historical and emerging threats to OT networks and systems.Implement detection strategies based on internal and external intelligence reporting and vulnerability research.Perform administrative tasks associated with tuning, alerts, correlation rules, signatures, device configurations, patching, and upgrades.Establish and maintain relationships with the suppliers, vendors, and partners in the automation and OT security industry.Assists with security events/incidents, coordinating activities with the CSOC and others – as needed.QualificationsEducation:A bachelor's degree or equivalent experience in the information security or information technology sector.Experience and SkillsRequired:Hands-on scripting experience (e. g., Python, PowerShell, Bash).Operational Technology (OT) or Industrial Control Systems (ICS) cybersecurity experience.Solid grasp of information security principles, debugging, root cause analysis, and investigation skills.Demonstrable skill in the installation, configuration, and operation of security solutions and appliances in a sizable mixed Cloud environments (AWS, Azure, GCP).Experience with agile framework and process.Prior experience in leading complex implementations and demonstrating risk averse problem-solving skills.Must have a strong work ethic and communication (written and verbal), allowing them to connect with technical and non-technical audiences.Knowledge of common information security management frameworks such as NIST, OWASP, SANS, CIS.Familiar with the MITRE ATT&CK model and associated TTP.Experience working with virtual and global teams, including diverse groups of people with varied backgrounds and cultural experiences.Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.
#J-18808-Ljbffr