Roles and Responsibilities
In this role, you will:
- Conduct security and privacy assessments, including VAPT, to determine compliance and security posture
- Assess the security of software/product architecture and guide the product architects to ensure security is built in at the design level itself
- Assist business units in the development and implementation of product security and privacy practices including policies, standards, guidelines, and procedures.
- Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
- Guide the business unit in their management of the resolution of security audit or review findings.
- Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
- Assist with security incidents and review risk and impact of breaches to protected systems.
- Review proposed services, engineering changes, and feature requests for security implications and needed security controls.
- Work with the software architecture and development teams to ensure that the solutions are built with security and data privacy first
- Regularly monitor cyber security vulnerabilities in the third-party libraries in use and ensure those vulnerabilities are addressed in a timely manner
- Create and execute upon technology roadmaps in cooperation with external vendors and industry cybersecurity and data privacy standards
Role Competency:
- Bachelor's degree in engineering
- A minimum of 10 years of development and security experience which includes application security, mobile security, network security, OS security, Cloud Security, IoT Security
- Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
- Experience in designing security solutions.
- Hands-on experience in execution and review of Static Code Analysis reports and ability to discuss findings with development teams to identify true positives.
- Sound understanding of Cryptography, various Encryption Algorithms, Public Key Infrastructure (PKI) and Certificate Authority (CA).
- Experience and knowledge of penetration testing methodologies and tools.
- Conducting information security analyses, audits, and reviews
- Experience in automation of pen test scenarios using Python or any other language is mandatory
- Willingness to learn new technologies and work on security for varied products.
Preferred Experience
- Experience in information security assessment in the healthcare sector / IoT / embedded security
- Experience with NIST 800-53, CIS/STIG benchmark audit
- The ideal candidate would have worked in software development initially and then graduated into either a S/W Lead or security assessment role, ensuring security in the product design
Preferred Skills:
- Excellent Cyber Security capabilities
- Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
- Understanding of security by design principles and architecture level security concepts
- Exposure to privacy requirements
- Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
- Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
- Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/product architects to ensure secure products
- Knowledge of information system architecture and security controls (e.g., firewall and border router configurations, wireless architectures, specialized appliances)
- Sound implementation knowledge of Cryptography, various Encryption Algorithms, Public Key Infrastructure (PKI) and Certificate Authority (CA), OAuth authentication, 2FA
- Ability to relate cyber security incidents across industries.
- Experience in REST API, Kubernetes and container security assessments.
- Good to have security certifications like OSCP/CCSP/CISSP
Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.