Manager - SOC Automations at Johnson & Johnson

Job Description

• This position may require up to 25% travel (domestic and international). 
• Remote work options may be considered on a case-by-case basis and if approved by the Company.
• Caring for the world, one person at a time has inspired and united the people of Johnson & Johnson for over 130 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people. At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities and forward progress. That’s why for more than 130 years, we have aimed to keep people well at every age and every stage of life. Today, as the world’s largest and most broadly-based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science and ingenuity to profoundly change the trajectory of health for humanity. Thriving on a diverse company culture, celebrating the uniqueness of our employees and committed to equity. Proud to be an equal opportunity employer.
• We are embarking on a major strategic transformation of our Cyber data analytics, automation and intelligence over the next 3 years. This is an exciting opportunity to be a member of our J&J Information Security and Risk Management (ISRM) organization who will work at the intersection of business strategy, human-centred design, and emerging technology platform/program delivery.
• The Cyber Data SOC Automation Manager will engineer critical cyber data automation solutions to more accurately detect, protect and respond to cyber vulnerabilities, threat or events. The candidate will perform hands-on the full engineering life cycle. It includes internal and external partner's engagement, architecture alignment, to shape the product vision / capability / technology evolution, to own and deliver the product projects and to ensure solid continuous Dev/OPS. The candidate will pay continuous attention to enhance the product delivered business value, user experience and capabilities while optimizing its full costs and technical reliability / simplicity.

This exciting and unique role is bridging 2 Key Domain Expertise’s:

• the cyber world with network security, end point security, app security, vulnerability DB, SIEM's, identity and authorization management.
• the data engineering/analytics/ automation world: ingesting and blending data from multiple systems and building advanced solutions to automate and enrich the ISRM and cyber tasks and data flows.

Specific Responsibilities

• Proactively engage with her/his internal key cyber security business & IT partners to empathize with their strategic, tactical and analytical needs, focusing on the following teams: Cyber Security Operations, Network Security, End Point Security, Identity and Access Management, IT Risk Management, Cyber Architecture & Vulnerability Assessments, Business Risk Management.
• Balance business value with technical feasibility while prioritizing features, optimizing cost and improving delivery efficiency
• Build and maintain ISRM data & SOAR automation, translating user stories from the backlog into working code, using modern design patterns and architectural principles
• Lead a global security automation program that focuses on the orchestration of security workflows that dramatically increases speed to value, reduces human error, and empowers CSOC members when performing security incident triage and resolution.
• Maintain and fix any issues related to the Cortex XSOAR platform to ensure minimal downtime, working with the vendor as necessary.
• Develop a wide gamut of Cortex XSOAR integrations and playbooks with security tools and services within Johnson & Johnson.
• Write code that is high quality, well documented, and efficient and is easy to maintain and update. Move code through environments and into production (e.g. Release Process).
• Drive testing and deployment of software solution, including ensuring automated testing to ensure solution quality
• Improve operational efficiency by developing additional automation tools and scripts (e.g., CI/CD automation)
• Build and operate infrastructure, toolset, and deployment pipelines
• Work closely with other Software Engineers and QAs to understand the system end-to-end
• Support product owner in defining stories and Lead Engineer in defining technical solutions
• Manage technical debt, including vulnerability scanning
• Provide ongoing solution support, incl. incident and problem management (L2+), root cause analysis, request fulfilment, security compliance, fault repair, resiliency testing, and observability

Qualifications
Required:

• A minimum of a Bachelor’s Degree in Computer Science is required, or equivalent years of experience in a comparable role with a demonstrable track record of successful experiences 
• A minimum of 6 years of Cyber security data engineering and SIEM experience is required, preferably in a large global organization with at least 2 years’ experience in Python and SQL coding. Experience must include architecture, engineering, and operational support of those solutions.
• Excellent hands-on, multi-functional skills in multiple technology areas such as servers, network, data center and applications
• Experience within highly regulated GxP or SOx environment
• Strong presence, influencing, collaboration, information-sharing and organizational skills
• Intermediate skills, verbal and written, in English communication
• Ability to work independently, in fast paced environment and prioritize in parallel while managing expectations. Curious and fast learner
• Exercise independent judgment, strong decision making and problem solving for key processes
• Must have a strong customer service orientation, eye for business value, and a bias for action.
• Great teammate, works with virtual, global teams – including diverse groups of people with varied backgrounds and cultural experiences
• experience in leading mid-sized technical IT projects end-to-end, influencing others without having supervisory responsibility
• Experience in a multi-platform, multi-vendor large enterprise
• A constant learner, look for new ways to implement features and functions that creates higher levels of customer satisfaction.

Preferred:

• An Advanced Degree in IT 
• Cyber certification: CISSP or CISM with deep expertise of network / server / db / app / user security, configuration and cyber related data points
• Solid experience in engineering SOAR / SIEM IT data products to mine, blend, process, and analyze very large volumes of structure, semi and unstructured data (gigabytes and terabytes) at high velocity
• Experience integrating with security tools and services through diverse APIs.
• Experience working with ServiceNow, both from a user and programmatic standpoint
• Hands-on experience with SIEMs and associated investigations and alerting within them is a plus.
• Experience in advanced SQL query development & database modelling is a plus.
• Agile Scrum / Product Owner / PMP certification is a plus.