Experienced Analyst, OT Cybersecurity Engineering

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at jnj.com.

As guided by Our Credo, Johnson & Johnson is responsible to our employees who work with us throughout the world. We provide an inclusive work environment where each person is considered as an individual. At Johnson & Johnson, we respect the diversity and dignity of our employees and recognize their merit.

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

São José dos Campos, São Paulo, Brazil

Job Description:

We are searching for the best talent for Experienced Analyst, Operational Technology Cybersecurity Engineering
 

Johnson & Johnson is currently recruiting for an Experienced Analyst Operational Technology Cyber Security within the Information Security and Risk Management (ISRM) organization.
 

This position is based out São José dos Campos, Brazil or Warsaw, Poland.

Caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for over 135 years. We embrace research and science -- bringing innovative ideas, products, and services to advance the health and well-being of people.
 

As a member of the Operational Technology Cybersecurity Engineering team, you will be supporting one or more of the global OT Security platforms, solutions, and services. Leading, developing, engineering, deploying, supporting, integrating, demonstrating, training, and tuning activities related to J&J's OT Security platforms, collaborating with Vulnerability Management, Security Monitoring, IT Network, and other OT teams.
 

This position will also partner with internal ISRM teams such as the Supply Chain security, Cyber Security Operations Center (CSOC), and other groups under the J&J Technology umbrella, including but not limited to End User, Server, and Network support.

Key Responsibilities:

• Lead one or more global technologies in our OT Security Engineering team which offers global defense in depth security capabilities for IT/OT networks, controls, infrastructure, systems, and applications.
• Drive integration and automation between different IT/OT technologies.
• Support OT Cybersecurity workflows, to assess risk, increase visibility and reduce impact of vulnerabilities across the OT environment.
• Test and validate security controls throughout the different phases of the Cyber Kill Chain, and the MITRE ATT&CK framework to prevent, detect, and respond.
• Generate innovative threat behavior analytics for discovering historical and emerging threats to OT networks and systems.
• Implement detection strategies based on internal and external intelligence reporting and vulnerability research.
• Perform administrative tasks associated with tuning, alerts, correlation rules, signatures, device configurations, patching, and upgrades.
• Establish and maintain relationships with the suppliers, vendors, and partners in the automation and OT security industry.
• Assists with security events/incidents, coordinating activities with the CSOC and others – as needed.

Qualifications

Education:

• A bachelor's degree or equivalent experience in the information security or information technology sector

Experience and Skills

Required:

• Hands-on scripting and automation skills (e.g., Python, PowerShell, Bash) for building integrations, automating workflows, and extending platform functionality.
• Operational Technology (OT) / (ICS) cybersecurity expertise, with practical experience securing endpoints, HMIs, and engineering workstations.
• Strong foundation in information security principles, with proven ability in debugging, root cause analysis, and forensic investigation in mixed IT/OT environments.
• Experience engineering, installing, configuring, and operating security solutions and appliances across large-scale, hybrid environments (AWS, Azure, GCP, on-prem).
• Ability to engineer, customize, and extend endpoint management and visibility platforms in OT environments, including developing integrations, automation, and product-level enhancements.
• Familiarity with agile frameworks and DevSecOps practices, with the ability to deliver iteratively while maintaining reliability in high-risk environments.
• Proven track record leading complex implementations, demonstrating risk-aware problem solving and balancing security with operational continuity.
• Strong communication skills (written and verbal), able to translate technical details into clear guidance for both technical and non-technical stakeholders.
• Knowledge of security frameworks and standards (NIST CSF, CIS Controls, OWASP, SANS) and ability to apply them pragmatically in OT contexts.
• Working knowledge of the MITRE ATT&CK framework, including OT-specific TTPs, and ability to map telemetry to adversary behaviors.
• Experience collaborating with distributed, global teams, working effectively across diverse cultural and technical backgrounds.

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

Please note that this role is available across multiple countries and may be posted under different requisition numbers to comply with local requirements. While you are welcome to apply to any or all of the postings, we recommend focusing on the specific country(s) that align with your preferred location(s):
 

Sao Jose dos Campos [Brazil] - Requisition Number: [R-077603]

Sao Paulo [Brazil] - Requisition Number: [R-078700]
Warsaw [Poland] - Requisition Number: [R-078700]

Remember, whether you apply to one or all of these requisition numbers, your applications will be considered as a single submission.

 

 

Required Skills:

 

 

Preferred Skills:

Analytical Reasoning, Communication, Corrective and Preventive Action (CAPA), Industry Analysis, Information Security Auditing, Information Security Management System (ISMS), Information Technology (IT) Security Assessments, Information Technology Strategies, Mentorship, Process Oriented, Risk Assessments, Root Cause Analysis (RCA), Security Policies, Solution Architecture, Technologically Savvy, Vulnerability Assessments