GE HealthCare Staff Cyber Security Architect 

India, Karnataka, Bengaluru 

131139262

Roles and Responsibilities

• Own development of cyber security artifacts including threat model and lead discussion on identifying mitigations.
• Assist the Engineering teams in triaging and identification of fix for detected product vulnerabilities.
• Interact with internal / external teams to co-ordinate security and privacy assessments which includes VAPT to determine compliance and security posture.
• Regularly monitor the cyber security vulnerabilities in the 3rd part libraries used in the product and ensure those vulnerabilities are addressed in a timely manner
• Respond to Cyber Security Inquiries for GE HealthCare and OEM Products
• Respond to customer complaints related to Cyber Security issues in the products
• Document security artifacts based on GE HealthCare Quality System
• Assess the security for software/Product architecture – guide the product architects to ensure security is built into at the design level itself.
• Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
• Assist business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
• Assess SAST and DAST reports, analyse the findings and work with development teams to fix the findings
• Security Point of Contact for development teams to ensure GEHC SDLC principles are adhered

Desired Experience

• Bachelor’s degree in engineering
• Should have 7+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
• Good understanding of AWS services, specifically related to security.
• Experience in designing security solutions.
• Strong knowledge of Microsoft STRIDE Threat Model tool and framework
• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Experience and knowledge of penetration testing methodologies and tools.
• Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances)
• Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA
• Willingness to learn new technologies and work on security for varied products.
• Understanding of NIST 800-53, NIST CSF, ISO27001 standards

Preferred Skills

• Exposure to privacy requirements - HIPAA, GDPR, DPDP Act
• Excellent Cyber Security capabilities
• Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
• Understanding of security by design principles and architecture level security concepts
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Ability to relate cyber security incidents from cross-industries.
• Good to have security certifications like CompTIA Security+, CEH