Staff Cyber Security Engineer

Job Description Summary In this role you will be responsible to design, develop and maintain the Security posture of the enterprise level application/s. As a Cyber Security expert, you will need to work with various development process tools including threat modeling, compliance, test automation, and vulnerability technologies. You should be able to work with variety of operating systems mainly Unix and Linux based systems, programming tools, encryption, and security controls.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world. Job Description

• Design, develop and maintain the Security posture of the enterprise level applications.
• Work with various development process tools including threat modeling, compliance, test automation, and vulnerability technologies.
• Provide technical and process expertise for Privacy & Security throughout activity life cycle.
• Conduct or support conduct of, security risk assessments, risk gap analyses and remediation plan development.
• Security Compliance maintenance and assurance
• Promote design-in of security to products, platforms, services, and processes.
• Manage the security vulnerabilities and risks across different applications including identifying, supporting application/system owners to manage risks and remediate vulnerabilities.
• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (i.e., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure) and facilitate vulnerability mitigation.
• Develop and support conduct of training and awareness initiatives in the areas of privacy and security.
• Preparation of business cases for the implementation of control and compliance programs
• Support formulation of data security / privacy related proposal text and RFP response
• Managing adaptation and implementation of security and privacy programs in a complex, technology-oriented organization
• Identify business needs and/or customer sensitivities in the realms of security, risk, and compliance and develop solutions or services around those needs.
• Coach and mentor engineering / DevOps teams to evaluate security tools, develop proof-of-concepts, and integrate tools into the DevOps pipeline.
• Coach and mentor secure design, coding and testing initiatives.
• Manages the design, development, implementation, and operations of all security technologies for business units information security functions.
• Responsible for interpreting privacy and security regulatory guidelines from different countries and guiding the organization on implementation for meeting.
• Communicate in a concise and effective manner changes to be implemented to the organization.
• Create / Review documentation for conformance to a set of privacy and security requirements.

• Bachelor s Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math)

• 9+ years of development and security experience which includes application security, OS security, Vulnerability assessments / resolution.
• Desired Skills:
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
• Experience in designing security solutions and threat modeling.
• Experience in Security tooling and scans such as NESSUS, STIGs
• Know-how of Healthcare domain, regulatory needs such as 510(K), HIPAA, GDPR.
• Exposure to DOD (Department of Defence), VA (Veterans Affairs) practices and processes
• Hands-on experience in review of Static Code Analysis reports and ability to discuss with development teams for true positives.
• Sound understanding of various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA).
• Experience and knowledge of penetration testing methodologies and tools.
• Conducting information security analyses, audits, and reviews
• Willingness to learn new technologies and work on security for varied products.
• Solid security expertise in Containers, Kubernetes, and so on.
• Should have experience in transforming DevOps to DevSecOps with exposure to tools, processes, governance.
• Should guide junior members in team Vulnerability Assessment, Tooling, Security Solutioning
• Mandatory to have at least one security certifications like OSCP/CCSP/CISSP Ideal candidate would have worked on the software development initially and then graduated in to either -Software/Lead/security assessments ensuring security in the product design
• Knowledge of information system architecture and security controls (e.g., firewall and border router configurations, wireless architectures, specialized appliances)
• Sound implementation Knowledge of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA.

• Experience in Java, Angular, C++ (Optional)
• Excellent communication skills and the ability to interface with Architects and technical leadership with confidence and clarity.
• Should be obsessed with code quality, code performance and tools usage.
• Experience with Unix / Linux based programming and system knowledge.
• Experience working on software projects in the Healthcare domain.
• Experience in Security practices, Vulnerability Assessment etc.