Product Security Representative

GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

The PSR is cybersecurity focal point for Edison for Enterprise team to drive secure development and maintenance of Edison Digital Health Platform (EDHP). The PSR is an experienced member of the product engineering team with influence to drive product privacy and cybersecurity features and enhancements. The PSR must have deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product’s privacy and security risks.

**Roles and Responsibilities**

**In this role, you will**
- Provide privacy and security technical expertise in support of the product team throughout product development, design change, and life-cycle management.
- Work with the Product Security Leader (PSL) to support the product team with process expertise for the GEHC Product Cybersecurity Standard and life-cycle management.
- Increase product security awareness within the development team
- Analyzing, tracking and following product related threat, vulnerabilities, security gaps and desired solution
- Maintain cyber security processes, monitoring systems/tools
- Support the development teams by security analyses and threat modelling
- Interact with worldwide engineering and product teams
- Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval
- Responsible for security architecture and coordination of product development for cybersecurity features and enhancements
- Assess product components and SBoM integrated into the product
- Perform defect management for cybersecurity issues
- Identify operational responsibilities and adherence to cloud standards for cloud
- based products
- Responsible for Product and Security Manual and MDS2 documentation
- In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:

- Lead product Security Technical Design Reviews. Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs
- Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction
- Along with the product LSD, responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.
- Stay current on healthcare privacy trends and regulatory environment (i.e. FDA, HIPAA, GDPR, etc ) to effectively communicate privacy awareness with the product team.
- Works with the GEHC Product Security team and QARA on released product life-cycle, including:

- Participate in post-market product vulnerability monitoring
- Participate as an SME to determine product vulnerability impact, investigation, and risk assessment
- Responsible for product vulnerability mitigation and design change
- Responsible for GEHC vulnerability tool update to ensure accurate customer communication
- Address customer and Sales RFP privacy and security feedback/questions.
- Provide technical expertise on customer concerns, complaints, and CSO escalations.
- Create/Maintain responsible product records within GEHC product cybersecurity tools.
- Active involvement in DoD RMF submission process and maintenance.

**Quality Specific Goals**:

- Monitor a wide array of diverse information sources - ranging from open-source to classified materials - for potential threats to GE's personnel, infrastructure and operations
- An understanding of APT, Cyber Crime, and other associated actors
- Proven knowledge of typical adversary tactics, techniques, and procedures (TTPs)
- Background in collecting, analyzing, and interpreting data from various sources, detailing the results and preparing substantial analysis products
- Awareness of intelligence enrichment practices and threat hunting experience (PassiveDNS, Domain Registration pivoting, VirusTotal, etc.)
- Active participant in the Intelligence Community.
- Complete all required Quality and GEHC Product Cybersecurity Standard compliance training.
- Identify and report any quality, compliance, security, or privacy concerns and take immediate corrective action as required.
- Coordination with GEHC Product Security Team and product PSL.
- Understand healthcare industry cybersecurity trends and competitive landscape and the implications for your product.

**Qualifications**:

- Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math).
- S