Senior Manager, Application Security - 2406161869W

　　Description

　　Senior Manager, Application Security

　　Johnson & Johnson is recruiting for an Information Security & Risk Management (ISRM) Application Security Senior Manager, located in Warsaw, Poland or Kraków, Poland. Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people. At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity. Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to equity. Proud to be an equal opportunity employer.

　　The Application Security Senior Manager will be a member of an ISRM Application Security team which is responsible for Application Security strategy, technologies, and engineering. They will be responsible for implementing and maturing capabilities to ensure software is developed securely, and that applications and related services and communications are protected post deployment. They will own products related to Application Security Testing, API Security, Container Security, and Infrastructure as Code Security.

　　The Application Security Senior Manager will partner with Johnson & Johnson developer communities to shape practices related to DevSecOps, and to provide subject matter expertise related to securing code and applications. Additionally, as the most senior Information Security team member located in Poland, they will perform dotted-line supervisory duties in relation to onboarding, training coordination, team engagement, and culture-building.

　　Responsibilities:

　　Implement and mature Application Security capabilities (e.g., Application Security Testing, API Security, Container Security, Infrastructure as Code Security, etc.) with a focus on automation

　　Product Ownership (end to end)

　　Provide guidance and consultancy for dev teams

　　Refine the process for secure container usage

　　Ensure Infrastructure as Code automations and patterns are fit for purpose

　　Assess new patterns, methods and practices of software development as they arise for enterprise readiness and fitness for purpose

　　Participate in business planning to ensure cybersecurity capabilities are appropriately considered and reflected in roadmap

　　Connect with and report valuable metrics to senior leadership

　　Timely reporting of security incidents or significant security problems to appropriate personnel

　　Act as the main point of contact for security issues for their area of influence

　　Assist with managing and growing a global team

　　Qualifications

　　Qualifications

　　A Bachelor’s degree and a minimum of 8 years of progressive experience in the information security or information technology sector

　　Proficiency in English language

　　Experience with Product Ownership

　　Knowledge of common information security management frameworks such as NIST, OWASP, SANS, CIS

　　Deep understanding of the software development process in several languages and technologies (e.g., Javascript, PHP, Java, Python, C#, .net, C , Go, etc.)

　　Full comprehension of container orchestration methods and the opportunities to automate security practices within them

　　Deep understanding of the Open Source Software ecosystem including package managers, vulnerability assessment, and licensing risk

　　Experience with API Security

　　Superb communication and collaboration skills; able to network and influence various levels of the organization, cross sector, cross-functionally and globally

　　Innovative thinking and leadership with an ability to lead and empower cross-functional, interdisciplinary teams

　　Experience working in complex, fast-paced environments

　　Ability to drive to short timelines

　　Innate interest in people management, team building, and coaching

　　Strong external networking experience

　　Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

　　Primary Location Europe/Middle East/Africa-Poland-Mazowieckie-Warsaw

　　Organization Johnson & Johnson (Poland) Sp. z.o.o. (7815)

　　Job Function Infrastructure Engineering – Server/Data Center

　　Req ID: 2406161869W