המקום בו המומחים והחברות הטובות ביותר נפגשים
GE HealthCare Staff Product Security Analyst Hybrid United States, Wisconsin 307027739
01.09.2024
Responsibilities:
- Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
- Use threat modeling tools to identify security concerns within systems.
- Develop methods to implement security controls based on the system threat model.
- Develop approaches to address the implementation of Identity and Access Management (IdAM) solutions as part of enterprise security services including mobile devices.
- Consult with developers on security requirements and utilize common components to meet them.
- Ensure that issues identified are appropriately prioritized and addressed in future product releases.
- Have a complete understanding of the various interdependency and limitations as they refer to security controls within the system.
- Evaluate and recommend new and emerging security products and technologies.
- Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
- Engage in incident response methods lead incident response processes related to product cyber.
- Create and track meaningful metrics around product cyber risk and compensating controls.
- Create vulnerability and incident trend analysis to improve product design.
- Maintain SBOMs and conduct proactive vulnerability monitoring and assessment on cyber components.
- Prepare reports at appropriate levels of confidentiality for stakeholders to view.
- Maintaining effective quality systems compliant with GE HealthCare Quality policies.
- Developing continuous improvement activities by driving the implementation of process and product quality improvement initiatives.
- Bachelor’s degree in Computer Science, Electrical Engineering, Biomedical Engineering, System Engineering or closely related discipline.
- Minimum of 6 years of engineering experience or equivalent in a related field.
- Understanding system design concepts and subsystem interactions and interfaces.
- Experience with networking, computers, and operating systems.
- Effective oral and written communication skills.
- Master’s degree in Computer Science, Electrical Engineering or other closely related fields.
- Experience working with Linux OS, Windows OS, and VM environments.
- Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance.
- Program and Project Management experience; expertise with Agile development teams.
- Experience with secure coding principles; code signing; secure boot.
- Experience with penetration testing and ethical hacking.
- Experience in Identity management and identity federation tools. (SAML, Oauth, SCIM, XACML).
- Experienced in developing web services (SOAP/REST).
- Knowledge of application risk identification and evaluation techniques.
- Knowledge of Cyber Security and full knowledge of multiple related engineering functions.
- Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment.
- Demonstrated problem solving ability and results orientation.
- Demonstrated technical leadership capability working on a product development team.
- Experience working on medical device programs.
- Self-starter, energizing, results oriented and able to multi-task.
- Strong desire to drive change and improvements in processes and designs.
- Excellent teamwork, coordination, and communication skills.
משרות נוספות שיכולות לעניין אותך
