Sr. Staff Product Security Leader

Job Description Summary

Responsible for hunting, detecting and responding to digital security threats. Demonstrates technical leadership abilities and strong comprehension of malware, emerging threats and calculating risk.

Job Description

Roles and Responsibilities

You are a highly skilled security Engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.
In this role, you will:
• Drive tailored SDL practice into specific engineering
• Create and track meaningful metrics around product cyber risk and compensating controls
• Consult, architect on security requirements and utilize best practices to meet them
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Working with all scrum teams for security-focused design
• Identifying and ensuring resolution of possible technical implications of each release
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
• Help prepare reports at appropriate levels of confidentiality for stakeholders to view
• Responding promptly and in detail to customer-sponsored penetration tests
• Promotes standards through workshops, knowledge shares, and code walk-throughs
• Promotes best practices and design patterns
• Provides guidance on automated testing tools and techniques

Education Qualification

Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with significant experience.

For roles in USA:Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum years of experience8years

Desired CharacteristicsTechnical Expertise:
• Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
• Program and Project Management experience; expertise with Agile development teams
• Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
• Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
• Experienced in developing web services (SOAP/REST)
• Must be available for on call for potential security response
• Knowledge of application risk identification and evaluation techniques
• Knowledge of Cyber Security and full knowledge of multiple related engineering functions
• Experience securing applications within cloud platforms such as AWS, Azure and alike.
• Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment

We will not sponsor individuals for employment visas, now or in the future, for this job opening.

We will not sponsor individuals for employment visas, now or in the future, for this job opening. For U.S. based positions only, the pay range for this position is $156,400.00-$234,600.00 Annual. It is not typical for an individual to be hired at or near the top of the pay range and compensation decisions are dependent on the facts and circumstances of each case. The specific compensation offered to a candidate may be influenced by a variety of factors including skills, qualifications, experience and location. In addition, this position may also be eligible to earn performance based incentive compensation, which may include cash bonus(es) and/or long term incentives (LTI). GE HealthCare offers a competitive benefits package, including not but limited to medical, dental, vision, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, and tuition reimbursement.

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.