GE HealthCare

Staff Software Architect – Product Security

GE HealthCare

full-time

Posted on:

Origin:  • 🇺🇸 United States • Wisconsin

Visit company website
AI Apply
Manual Apply

Job Level

Lead

Tech Stack

AWSAzureChefCloudCyber SecurityJenkinsLinuxPythonSDLCTCP/IP

About the role

  • Technical ownership of product security feature deliverables
  • Gather and analyze data, develop architectural requirements and lead implementation
  • Work closely with cross-functional teams on requirements gathering and software design
  • Scope and participate in hardware and software penetration tests and vulnerability risk assessment
  • Engage in incident response methods and lead incident response related to product cyber
  • Create and track metrics around product cyber risk and compensating controls
  • Create vulnerability and incident trend analysis to improve product design
  • Maintain cyber Bill of Materials and perform proactive vulnerability monitoring and assessment
  • Engage and administer End of Life processes for digital products
  • Consult architects on security requirements and best practices
  • Perform application and domain-specific threat modeling and attack surface analysis/reduction
  • Respond to customer-sponsored penetration tests in detail and promptly
  • Provide guidance on automated testing tools and techniques
  • Discover and mitigate vulnerabilities in Critical Infrastructure/Key Resource domains
  • Develop and design innovative cybersecurity solutions for unique and complex technologies
  • Partner with government agencies, industry experts, and academia on cybersecurity efforts
  • Leverage research methodologies to advance GE HealthCare's cybersecurity practice
  • Assess and investigate specific threats for severity and impact and create detailed vulnerability reports
  • Create IPS/IDS rules or other mitigations to protect vulnerable systems
  • Interact with global teams to promote consistency across common software platforms
  • Gain mastery of the Ultrasound domain and contribute to software infrastructure development
  • Apply SDLC and methodologies (Lean/Agile/XP, CI), scalability, documentation, refactoring and testing techniques
  • Design, develop, implement, test and deploy subsystem/security solutions
  • Manage design evolution across multi-generation product releases
  • Perform design and code reviews and provide product security feedback

Requirements

  • Bachelor’s degree in computer science or STEM majors required
  • Minimum of 6 years of professional experience (cybersecurity domain preferred)
  • Cyber Security Certification in the Privacy, Security & Regulatory domain or related certification
  • Experience in object-oriented design methodology and programming languages such as C/C++
  • Hands-on experience in C++ on Windows a plus
  • Working knowledge of configuration management tools (Perforce, GIT, ClearCase)
  • Experience working with Windows API and application programming
  • Experience in software platform, advanced applications, UI design and/or systems engineering (healthcare/Ultrasound preferred)
  • Strong debugging skills
  • Experience with multicore and multi-threaded software design
  • Experience driving technical design reviews
  • Strong interpersonal, communication and influencing skills across organizational levels
  • Proven analytical and problem resolution skills
  • Demonstrated ability to work with and/or lead blended and global teams
  • Experience setting up and maintaining automation in CI/CD workflows a plus
  • Must be willing to work onsite at least 3 days a week in Wauwatosa/Waukesha, Wisconsin
  • We will not sponsor individuals for employment visas for this job opening
  • Willingness to complete drug screen (if applicable)
  • Desired: Familiarity with identifying, analyzing, and ethically exploiting vulnerabilities
  • Desired: Strong knowledge of TCP/IP networking and ability to use Wireshark
  • Desired: Hands-on experience with Windows and Linux systems
  • Desired: Programming skills in Python, C, C++, CUDA
  • Desired: Understanding of machine language, OS, APIs, libraries, runtimes, hardware/firmware/binary interactions
  • Desired: Familiarity with digital electronics, microcontrollers, SCADA/DCS exposure
  • Desired: Knowledge of cybersecurity frameworks (NIST 800-53, ISO 27001, IEC 62443)
  • Desired: Experience with secure coding, code signing, secure boot
  • Desired: Experience with penetration testing and ethical hacking
  • Desired: Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
  • Desired: Knowledge of identity management and federation (SAML, Oauth, SCIM, XACML)
  • Desired: Experience securing cloud platforms (AWS, Azure)