Oversee security for GE HealthCare product, platforms, components, and cross-modality efforts.
Act as a security technical lead for development programs
Function as the main technical point of contact for product teams as relates to privacy and security, while also growing the security expertise of product teams
Build awareness of the importance of security in product management and technical teams
Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, and enterprise software solutions
Engage in application and domain-specific threat modeling and attack surface analysis and reduction
Lead cross-functional projects and teams in establishing security development lifecycle practices within GE HealthCare products
Assess and prioritize risk for legacy devices and communicate residual risk to business leaders
Prepare reports at appropriate levels of confidentiality for stakeholders to view
Support privacy and security incident response activities such as investigations, corrective actions, and preventive actions
Work to understand customers privacy and security concerns and requirements
Respond promptly and in detail to customer queries and customer-sponsored penetration tests
Provide guidance on automated testing tools and techniques
Perform technical security assessments across the GE HealthCare product portfolio
Lead functional teams or projects with minimal resource requirements, risk, and/or complexity.
Communicate difficult concepts and influence others' options on particular topics.
Guide others to consider a different point of view.

Requirements

Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
7+ years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
5+ years of experience with cybersecurity in product development
Certification in cybersecurity (CISSP preferred)
Healthcare domain and medical device experience
Experience with embedded devices, enterprise solutions, and mobile app development
Experience with many operating systems: Enterprise Linux, Embedded Linux, Windows, Windows Server, Windows Embedded.
Real-time OS
Experience with security configuration and communication of embedded devices
Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth
Experience in a broad range of information security domains – security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management
Experience with Security Development Lifecycle processes such as Threat Modeling
Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, etc.
Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards
Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF
Project and program management experience
Organization and communication of complex information
An understanding of information security risk management

Benefits

medical
dental
vision
paid time off
a 401(k) plan with employee and company contribution opportunities
life, disability, and accident insurance
tuition reimbursement

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

information securitytechnical assessmentpenetration testingsecurity architecturevulnerability assessmentsecure system designidentity managementsecurity configurationembedded devicesmobile app development

Soft Skills

communicationleadershiporganizationinfluencerisk assessmentcustomer engagementteam collaborationproblem-solvingguidanceawareness building

Certifications

CISSP