Analyst Information Security

Johnson & Johnson is currently recruiting an Associate Analyst, Cyber Red Team to join the Information Security and Risk Management (ISRM) team to be based in Raritan, NJ or can work remotely in the USA. Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people. At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body, and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science, and ingenuity to profoundly change the trajectory of health for humanity. Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion, J&J is proud to be an equal opportunity employer. The Associate Analyst, Cyber Red Team, will assist in research, development, and execution of real-world adversary emulations, including payload generation, vulnerability exploitation, and tools and software development. The Associate Analyst will be part of a team of security professionals focused on enabling business initiatives by assessing new and existing services, infrastructure, and applications to identify security control weaknesses. The Associate Analyst will assist Red Team operators in building and deploying end-to-end evaluations based on adversary tactics, techniques, and procedures (TTPs) to test and validate the implementation of deployed technology. They should be able to understand basic concepts such as networking, applications, and operating system functionality and learn advanced concepts such as application manipulation, exploit development, and stealthy operations. Key Responsibilities: Proactively research and identify network and system vulnerabilities and provide recommended countermeasures or mitigating controls to reduce risk to an acceptable and manageable level. Review results of network and application penetration tests to determine the severity of findings and ensure proper remediation is applied. Provide accurate and timely reporting of findings and advise on remediation and mitigation steps Convey complex technical security concepts to technical and non-technical audiences. Assist with the latest exploits, tactics, techniques, and procedures (TTP), vulnerability remediation, and Cloud security evaluations. Assist with ongoing security research against various products and infrastructure and apply that knowledge to security testing. Ability to perform the necessary threat research on enterprise systems/tools/technologies and convert that information into tooling that can be utilized in engagements Ability to identify tooling or system gaps in Red Team and build out the necessary systems/technologies or integrations to perform Red Team functions or duties. Strong analytical skills and attention to detail. Strong written and verbal communication skills with the ability to interact with technical teams and key client stakeholders. Qualifications 6+ months of relevant experience gathering requirements, understanding user needs, and collaborating with security teams is preferable; strong analytical, communication, and interpersonal skills are required. Knowledge of Windows, Linux, Unix, or any other major operating systems. Understanding of TCP/IP network protocols. Understanding and experience with various Active Directory attack techniques. Willingness to learn to evaluate security vulnerabilities, develop mitigation strategies, and implement remediation. Understanding of OWASP Top 10, CVSS, common classes of product security vulnerabilities, and attack/defense methodologies. Understanding of network security and popular attack vectors. Outstanding coordination, time management, facilitation, and organizational skills Desire to learn and grow in the identity and security space Travel percentage – up to 10% of national travel may be required. At Johnson & Johnson, we’re on a mission to change the trajectory of health for humanity. That starts by creating the world’s healthiest workforce. Through cutting-edge programs and policies, we empower the physical, mental, emotional and financial health of our employees and the ones they love. As such, candidates offered employment must show proof of COVID-19 vaccination or secure an approved accommodation prior to the commencement of employment to support the well-being of our employees, their families and the communities in which we live and work. For more information on how we support the whole health of our employees throughout their wellness, career and life journey, please visit www.careers.jnj.com. Johnson & Johnson Family of Companies are equal opportunity employers, and all qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, genetic information, national origin, protected veteran status, disability status, or any other characteristic protected by law. Primary Location United States-New Jersey-Raritan-1003 US HIghway 202 Organization Johnson & Johnson Services Inc. (6090) Job Function Info Technology Requisition ID 2206047984W