Own the development of cyber security artifacts, including threat models, and lead discussions on identifying mitigations.
Assist the engineering teams in triaging detected product vulnerabilities and identifying fixes.
Interact with internal and external teams to coordinate security and privacy assessments, including vulnerability assessment and penetration testing (VAPT), to determine compliance and security posture.
Regularly monitor cyber security vulnerabilities in the third-party libraries used in the product and ensure they are addressed in a timely manner.
Respond to cyber security inquiries for GE HealthCare and OEM products.
Respond to customer complaints related to cyber security issues in the products.
Document security artifacts in accordance with the GE HealthCare Quality System.
Assess the security of software/product architecture and guide product architects to ensure security is built in at the design level.
Verify that the security and privacy requirements defined in security plans, policies, and procedures are followed and that protection measures function as intended.
Assist business units in developing and implementing product security and privacy practices, including policies, standards, guidelines, and procedures.
Assess SAST and DAST reports, analyse the findings, and work with development teams to fix them.
Serve as the security point of contact for development teams to ensure GEHC SDLC principles are adhered to.
Desired Experience
Bachelor's degree in engineering.
7+ years of development and security experience, including application security, mobile security, network security, OS security and cloud security.
Product/information security experience in all phases of service/product development, including architecture, design, development, testing and deployment.
Good understanding of AWS services, specifically those related to security.
Experience in designing security solutions.
Strong knowledge of the STRIDE threat-modelling framework and the Microsoft Threat Modeling Tool.
Hands-on experience executing and reviewing static and dynamic code analysis reports, and the ability to triage the findings with development teams to separate true positives from false positives.
Experience and knowledge of penetration testing methodologies and tools.
Knowledge of information system architecture and security controls (e.g., firewalls, specialized appliances).
Sound understanding of cryptography, encryption algorithms, public key infrastructure (PKI) and certificate authorities (CAs), OAuth-based authentication flows, and two-factor authentication (2FA).
Willingness to learn new technologies and work on security for a variety of products.
Understanding of NIST SP 800-53, the NIST Cybersecurity Framework (CSF), and ISO/IEC 27001.
Preferred Skills
Exposure to privacy requirements such as HIPAA, GDPR and India's Digital Personal Data Protection (DPDP) Act.
Excellent cyber security capabilities.
Strong knowledge of the secure software development lifecycle and practices such as threat modelling, security reviews, penetration testing, and security incident response.
Understanding of security-by-design principles and architecture-level security concepts.
Up-to-date knowledge of current and emerging security threats and of the techniques used to exploit security vulnerabilities.
Ability to draw lessons from cyber security incidents across industries and relate them to the product domain.
Security certifications such as CompTIA Security+ or CEH are a plus.