Expoint - all jobs in one place

Finding the best job has never been easier

Limitless High-tech career opportunities - Expoint

GE HealthCare Staff Product Security Analyst Hybrid 
United States, Wisconsin 
307027739

01.09.2024
Responsibilities:
  • Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
  • Use threat modeling tools to identify security concerns within systems.
  • Develop methods to implement security controls based on the system threat model.
  • Develop approaches to address the implementation of Identity and Access Management (IdAM) solutions as part of enterprise security services including mobile devices.
  • Consult with developers on security requirements and utilize common components to meet them.
  • Ensure that issues identified are appropriately prioritized and addressed in future product releases.
  • Have a complete understanding of the various interdependency and limitations as they refer to security controls within the system.
  • Evaluate and recommend new and emerging security products and technologies.
  • Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
  • Engage in incident response methods lead incident response processes related to product cyber.
  • Create and track meaningful metrics around product cyber risk and compensating controls.
  • Create vulnerability and incident trend analysis to improve product design.
  • Maintain SBOMs and conduct proactive vulnerability monitoring and assessment on cyber components.
  • Prepare reports at appropriate levels of confidentiality for stakeholders to view.
  • Maintaining effective quality systems compliant with GE HealthCare Quality policies.
  • Developing continuous improvement activities by driving the implementation of process and product quality improvement initiatives.
Qualifications/Requirements:
  • Bachelor’s degree in Computer Science, Electrical Engineering, Biomedical Engineering, System Engineering or closely related discipline.
  • Minimum of 6 years of engineering experience or equivalent in a related field.
  • Understanding system design concepts and subsystem interactions and interfaces.
  • Experience with networking, computers, and operating systems.
  • Effective oral and written communication skills.
Desired:
  • Master’s degree in Computer Science, Electrical Engineering or other closely related fields.
  • Experience working with Linux OS, Windows OS, and VM environments.
  • Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance.
  • Program and Project Management experience; expertise with Agile development teams.
  • Experience with secure coding principles; code signing; secure boot.
  • Experience with penetration testing and ethical hacking.
  • Experience in Identity management and identity federation tools. (SAML, Oauth, SCIM, XACML).
  • Experienced in developing web services (SOAP/REST).
  • Knowledge of application risk identification and evaluation techniques.
  • Knowledge of Cyber Security and full knowledge of multiple related engineering functions.
  • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment.
  • Demonstrated problem solving ability and results orientation.
  • Demonstrated technical leadership capability working on a product development team.
  • Experience working on medical device programs.
  • Self-starter, energizing, results oriented and able to multi-task.
  • Strong desire to drive change and improvements in processes and designs.
  • Excellent teamwork, coordination, and communication skills.