GE HealthCare Staff Product Security Analyst 

India, Karnataka 

42759364

In this role, you will:

Roles and Responsibilities :

3. Product cybersecurity development responsibilities:

• Assess the privacy and cybersecurity state of the product and define product roadmapfeatures/enhancementswith stakeholder approval
• Responsible for security architecture and coordination of product development for cybersecurity features and enhancements
• Assess product components and SBoM integrated into the product
• Perform defect management for cybersecurity issues
• Identify operational responsibilities and adherence to cloud standards for cloud- based products
• Responsible for Product and Security Manual and MDS2 documentation

4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:

• Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs
• Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction
• Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments
• Lead product Security Technical Design Reviews
• Along with the product LSD, responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.

6. Works with the GEHC Product Security team and QARA on released product life-cycle, including:

• Participate in post-market product vulnerability monitoring
• Participate as an Subject Matter Expertise to determine product vulnerability impact, investigation, and risk assessment.
• Responsible for product vulnerability mitigation and design change.
• Responsible for GEHC vulnerability tool update to ensure accurate customer communication.

8. Provide technical expertise on customer concerns, complaints, and CSO escalations.

9. Create/Maintain responsible product records within GEHC product cybersecurity tools.

10. Active involvement in DoD RMF submission process and maintenance.

Educational Qualifications:

• Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
• 3+ years of progressive experience as adevelopment/cybersecurityengineer or scientist/researcher working with a cybersecurity skill set.

Desired Characteristics:

• Sound technical and domain experience in at least two cybersecurity functional technology areas.
• Technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.).

Inclusion and Diversity

Ourare designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.