Principal Engineer, Operational Technology Cybersecurity Engineering

At Johnson & Johnson, we believe health is everything. Our strength in healthcare innovation empowers us to build a world where complex diseases are prevented, treated, and cured, where treatments are smarter and less invasive, and solutions are personal. Through our expertise in Innovative Medicine and MedTech, we are uniquely positioned to innovate across the full spectrum of healthcare solutions today to deliver the breakthroughs of tomorrow, and profoundly impact health for humanity. Learn more at

Job Function:

Technology Enterprise Strategy & Security

Job Sub Function:

Security & Controls

Job Category:

Scientific/Technology

All Job Posting Locations:

São José dos Campos, São Paulo, Brazil, Warsaw, Masovian, Poland

Job Description:

Principal Engineer, Operational Technology Cybersecurity Engineering

Johnson & Johnson is currently recruiting for a Principal Engineer, Operational Technology Cyber Security within the Information Security and Risk Management (ISRM) organization.
This position is based out Warsaw, Poland or São José dos Campos, Brazil.

Caring for the world, one person at a time, has inspired and united the people of Johnson & Johnson for over 135 years. We embrace research and science—bringing innovative ideas, products, and services to advance the health and well-being of people.

At Johnson & Johnson, we believe good health is the foundation of vibrant lives, thriving communities, and forward progress. That is why for more than 135 years, we have aimed to keep people well at every age and every stage of life. Today, as the world's largest and most broadly based healthcare company, we are committed to using our reach and size for good. We strive to improve access and affordability, create healthier communities, and put a healthy mind, body, and environment within reach of everyone, everywhere. Every day, our more than 130,000 employees across the world are blending heart, science, and ingenuity to profoundly change the trajectory of health for humanity.

Thriving on a diverse company culture, celebrating the uniqueness of our employees, and committed to inclusion, J&J is proud to be an equal opportunity employer.

Role Summary

As a Principal Engineer in the OT Cybersecurity Engineering team, you will serve as a critical link between Enterprise Architecture and OT Service Delivery—designing, building, and evolving global OT security platforms that protect Johnson & Johnson's manufacturing and supply chain environments. You will engineer and customize endpoint management and visibility solutions, integrate them seamlessly with enterprise and OT systems, and drive automation that strengthens resilience across diverse, high‑risk environments. Acting as a technical leader, you will translate architectural vision into operational reality, guiding complex implementations and ensuring our OT security platforms deliver measurable impact at global scale.

Why Join Us

At Johnson & Johnson, you'll be part of a team that safeguards the technology powering life‑changing healthcare innovations. You'll work on cutting‑edge OT security platforms that protect manufacturing and supply chain operations worldwide. This is an opportunity to apply your engineering expertise in environments where security, reliability, and human impact intersect—helping ensure that medicines, devices, and products reach the people who need them most.

Key Responsibilities

• Lead one or more global technologies within the OT Security Engineering team, delivering defense‑in‑depth capabilities for IT/OT networks, controls, infrastructure, systems, and applications.

• Engineer, integrate, and automate workflows across IT and OT security platforms.

• Support OT cybersecurity processes to assess risk, increase visibility, and reduce the impact of vulnerabilities across the OT environment.

• Test and validate security controls across the Cyber Kill Chain and MITRE ATT&CK framework to strengthen prevention, detection, and response.

• Develop innovative threat behavior analytics to identify historical and emerging threats to OT networks and systems.

• Implement detection strategies informed by internal and external intelligence reporting and vulnerability research.

• Perform administrative tasks related to tuning, alerts, correlation rules, signatures, device configurations, patching, and upgrades.

• Establish and maintain strong relationships with suppliers, vendors, and partners in the automation and OT security industry.

• Assist with security events and incidents, coordinating activities with the SOC and other stakeholders as needed.

Qualifications

Education

• Bachelor's degree or equivalent experience in Information Security, Information Technology, or a related field.

Required Experience and Skills

• Hands‑on scripting and automation skills (e.g., Python, PowerShell, Bash) for building integrations, automating workflows, and extending platform functionality.

• Operational Technology (OT) / Industrial Control Systems (ICS) cybersecurity expertise, with practical experience securing endpoints, HMIs, and engineering workstations.

• Strong foundation in information security principles, with proven ability in debugging, root cause analysis, and forensic investigation in mixed IT/OT environments.

• Experience engineering, installing, configuring, and operating security solutions and appliances across large‑scale, hybrid environments (AWS, Azure, GCP, on‑premises).

• Ability to engineer, customize, and extend endpoint management and visibility platforms in OT environments, including developing integrations, automation, and product‑level enhancements.

• Familiarity with agile frameworks and DevSecOps practices, with the ability to deliver iteratively while maintaining reliability in high‑risk environments.

• Proven track record of leading complex implementations, demonstrating risk‑aware problem solving and balancing security with operational continuity.

• Strong communication skills (written and verbal), with the ability to translate technical details into clear guidance for both technical and non‑technical stakeholders.

• Knowledge of security frameworks and standards (NIST CSF, CIS Controls, OWASP, SANS) and ability to apply them pragmatically in OT contexts.

• Working knowledge of the MITRE ATT&CK framework, including OT‑specific TTPs, and ability to map telemetry to adversary behaviors.

• Experience collaborating with distributed, global teams, working effectively across diverse cultural and technical backgrounds.

Equal Opportunity Statement

Johnson & Johnson is an Affirmative Action and Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, age, national origin, or protected veteran status and will not be discriminated against on the basis of disability.

---