GE HealthCare Staff Product Security Engineer 

India, Karnataka 

133107018

3. Product cybersecurity development responsibilities:

• Assess the privacy and cybersecurity state of the product and define product roadmapfeatures/enhancementswith stakeholder approval

• Responsible for security architecture and coordination of product development for cybersecurity features and enhancements

• Assess product components and SBoM integrated into the product

• Perform defect management for cybersecurity issues

• Identify operational responsibilities and adherence to cloud standards for cloud- based products

• Responsible for Product and Security Manual and MDS2 documentation

4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:

• Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs

• Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction

• Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments

• Lead product Security Technical Design Reviews

• Along with the product Lead System Designer (LSD), responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.

6. Work with the GEHC Product Security team and QARA on released product life-cycle, including:

• Participate in post-market product vulnerability monitoring

• Participate as an Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.

• Responsible for product vulnerability mitigation and design change.

• Responsible for GEHC vulnerability tool update to ensure accurate customer communication.

8. Provide technical expertise on customer concerns, complaints, and CSO escalations.

9. Create/Maintain responsible product records within GEHC product cybersecurity tools.

10. Active involvement in DoD RMF submission process and maintenance.

• Bachelor’s degree in engineering

• 8+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.

• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.

• Experience in designing security solutions.

• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.

• Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response

• Experience and knowledge of penetration testing methodologies and tools.

• Conducting information security analyses, audits, and reviews

• Willingness to learn new technologies and work on security for varied products.

• Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders

• Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/products architects to ensure secure products.

• Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances)

• Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA

Desired Characteristics:

• Good understanding of AWS services

• Experience in Rest Api, Kubernetes and container security assessments

• AWS Solution Architect – Associate certification.

• Experience of Information security assessment in healthcare sector.

• Exposure to privacy requirements

• Understanding of security by design principles and architecture level security concepts

• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

• Ability to relate cyber security incidents from cross-industries.

• Good to have security certifications like OSCP/CCSP/CISSP