Job Description

Summary GE Digital is seeking a seasoned Senior Cyber Security Engineer capable of developing cutting-edge cyber security detection solutions. This role will also be a driving force behind the adoption of new detection technologies based on behavioral analytics and machine learning. This position is responsible for leading the development of enterprise platforms that enable the monitoring, automation, and orchestration of GE's network security platforms, including both physical and virtual IDS, and big-data analytics. The Senior Cyber Security Engineer will be expected to leverage open-source technology and industry standard programming languages to enhance cyber security operations. Success in this role will require delivery of engineering, software development, and build-automation projects in an agile environment.

GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.



Roles and Responsibilities

In this role, you will provide privacy and security technical expertise in support of the product team throughout product development, design change, and life-cycle management. Work with the stakeholder to support the product team with process expertise for the product cybersecurity standard and life-cycle management. Product cybersecurity development responsibilities:

Work with the stakeholders to deliver Product Cybersecurity Standard artifacts

Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs

Create cybersecurity artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction

Coordinates with the stakeholders to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments

Lead product Security Technical Design Reviews

Along with the product team you will be responsible for the compliance to the Product Cybersecurity Standard

Stay current on healthcare privacy trends and regulatory environment (i.e. FDA (Food and Drug Administration), HIPAA (Health Insurance Portability and Accountability Act), GDPR (General Data Protection Regulation), etc.) to effectively communicate privacy awareness with the product team.

Participate as an SME to determine product vulnerability impact, investigation, and risk assessment

Responsible for product vulnerability mitigation and design change

Conduct Source code review and discuss with development teams in mitigating the issues and eliminating false positives.

Good to have experience in Rest API security testing and recommending best practices while opting for OAuth or OpenId Connect

Educational Qualification:

Bachelor's Degree in Computer Science or "STEM" Majors (Science, Technology, Engineering and Math) with Minimum 6+ Years of experience

Desired Characteristics:

Knowledge of security fundamentals like below (but not limited to)

CIA (Confidential, Integrity, Availability)

STRIDE (Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of privileges)

Mandatory Minimum Security Requirements (MMSR)

Security Controls - Authentication, Authorization, etc..

Vulnerabilities - Causes and types, Zero-day vulnerability

Risks, Threats and Threat landscape

Common Cyber Attacks - Practical Strategies for Identification, Containment and Mitigation (DoS (Denial-of-Service), Malware attacks, Session attacks and MiM (Man in the middle attack), Phishing, XSS (Cross-site Scripting), SQL injection, etc..)

Defense in Depth

Knowledge of building a threat model for a product and analyzing the outcome

Knowledge of security testing like Penetration testing and analyze the report and product impacts

Hand-on knowledge on Secure Coding practice

Good to have

Certifications - OSCP (Offensive Security Certified Professional certification), CCSP (Certified Cloud Security Professional)

Languages - Preferable Java, Good to have Java with C++ experience

Proven experience in breaking the vulnerable boxes

Adaptable to learn new skills or technologies as per business needs

Inclusion and Diversity

GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership - always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you'd expect from an organization with global strength and scale, and you'll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

#LI-IC1

Additional Information

Relocation Assistance Provided: No