Expoint - all jobs in one place

מציאת משרת הייטק בחברות הטובות ביותר מעולם לא הייתה קלה יותר

Limitless High-tech career opportunities - Expoint

GE HealthCare Staff Product Security Analyst 
India, Karnataka 
325349482

01.09.2024
Responsibilities
  • Assess the security for software/Product architecture – guide the product architects to ensure security is built into at the design level itself.
  • Own development of cyber security artifacts including threat model and lead discussion on identifying mitigations.
  • Assist the Engineering teams in triaging and identification of fix for detected product vulnerabilities.
  • Interact with internal / external team to co-ordinate security and privacy assessments which includes VAPT to determine compliance and security posture.
  • Assist business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
  • Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
  • Guide the business unit in their management of the resolution of security audit or review findings.
  • Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
  • Assist with security incidents and review risk and impact of breaches to protected systems.
  • Review proposed services, engineering changes, and feature requests for security implications and needed security controls.
Qualifications/Requirements
  • Bachelor’s degree in engineering
  • 8+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.
  • Experience in Rest Api, Kubernetes and container security assessments.
  • Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
  • Good understanding of AWS services, specifically related to security.
  • Experience in designing security solutions.
  • Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
  • Experience and knowledge of penetration testing methodologies and tools.
  • Conducting information security analyses, audits, and reviews
  • Experience in Automation of pen test scenarios using Python or any other languages is mandatory
  • Willingness to learn new technologies and work on security for varied products.
  • Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
  • Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/products architects to ensure secure products.
  • Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances)
  • Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA
Desired
  • AWS Solution Architect – Associate along with AWS Security Specialty certification.
  • Experience of Information security assessment in healthcare sector.
  • Experience with NIST 800-53, CIS/STIG benchmark audit.
  • Ideal candidate would have worked on the software development initially and then graduated in to either -S/W Lead/security assessments ensuring security in the product design.
  • Exposure to privacy requirements
  • Understanding of HI-TRUST and SOC2.
Preferred Skills:
  • Excellent Cyber Security capabilities
  • Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
  • Understanding of security by design principles and architecture level security concepts
  • Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
  • Ability to relate cyber security incidents from cross-industries.
  • Good to have security certifications like OSCP/CCSP/CISSP

total rewardsare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.