Job Description

Summary We are looking for a Lead Product Security Analyst, with a focus in vulnerability management and incident response capability. In this role you will work in a team to identify, risk rate, communicate and track product vulnerabilities and be a part of the product incident response team.

As a key member of a global and matrixed design team, Product Cyber-security Analyst is responsible for the analysis of controllers , systems, Cloud architectures for cyber security requirements. Conduct tests to verify Cyber security levels and recommend mitigation plans for products , systems during tendering, Project execution and product development stages. You will also be responsible for secure design of cloud and Customer facing Dashboards.

This position requires a clear understanding of OT System, cloud application architecture and conversant with all Cyber security requirements. This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. The architect should be comfortable making design decisions in a sometimes-uncertain context, crafting innovative solutions, and demonstrating rigorous and decisive leadership.



Roles and Responsibilities

As the Lead Cyber Security Engineer, you will:

• Lead reviews ,suggest architectural changes ,conduct tests to ensure systems ,controllers, and Cloud platform meet Cyber security requirements .
• Collaborate with a team of controls and system engineers developing operational software for various subsystems.
• Collaborate with system and subsystem leads to define and develop top level software requirements, architecture and designs.
• Facilitate decisions and bring teams together to design and document software architecture, modularity, and future-proofing
• Lead development of proofs-of-concept to prove out strategy and manage development and product risks.
• Spearhead software design reviews and ensure software adherence to standards / architecture principles.
• Champion testing and validation of critical architecture and interface requirements for real time controls system software as well as application tools.
• Own production of technical documentation for software architecture, design, verification plans.
• Lead and mentor software and development engineers.
• Contribute to multi-generation product and tool planning.
• Ensure all software developed is compliant to Cyber-security requirements.
• Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
• Engage in incident response methods lead incident response processes related to product cyber.
• Create and track meaningful metrics around product cyber risk and compensating controls.
• Create vulnerability and incident trend analysis to improve product design.
• Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components.
• Engage and administer End Of Life processes for digital products.
• Consult, architect on security requirements and utilize best practices to meet them.
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction.
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view.
• Responding promptly and in detail to customer-sponsored penetration tests.
• Provides guidance on automated testing tools and techniques.
• Work with multiple team in di\xef\xac\x80erent location to deliver Cyber secure software to meet customer requirements.

Education Qualification

• Bachelor /Master Degree in computer science or relevant engineering or equivalent knowledge / experience with 10+ Years of Experience.
• Significant software development experience for Cloud based systems.
• Experience in Cyber security for controller, Systems in OT Space and in Cloud architectures.
• Familiar with penetration testing for controllers, Systems ,Web software\xe2\x80\x99s, CAPEC ,Ethical hacking.
• Work on Cyber security tools like Wireshark, NESSUS, Burp Suite
• Design and development skills using latest Java/Java EE technologies and open source frameworks including Spring, JSF, Hibernate, OpenJpa and EclipseLink.
• Experienced in di\xef\xac\x80erent phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing during the development of software applications.
• Extensively worked on web technologies like JavaScript, jQuery, AJAX, JSON, AngularJS, Angular 6, NodeJs, Spring, Hibernate, Spring boot, MVC, RESTful Web Services, Flux, SOAP.
• Cloud platform experience :AWS
• Database RDBMS, MySQL NoSQL databases
• Software component : MS Visual Studio, MS O\xef\xac\x83ce, MS Visio, SVN, GitHub
• Linux and Windows OS
• Extensively worked on Software Con guration Management tools like Git.
• Hands on experience with Enterprise Application and Web Application servers like Tomcat, and WLP.

About Us

GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Disclosure of your Gender or Sexual orientation is completely Voluntary and not mandatory.

Additional Information

Relocation Assistance Provided: Yes

General Electric