Staff Product Security Engineer

As a Staff Product Security Engineer, you will be part of the Ultrasound Digital team with the vision of building and sustaining product competencies and customer orientation to provide timely patient care. We are looking for a person with strong technical acumen in Cyber security in the cloud and preferably a person who has knowledge / expertise in device security and traditional hospital on-premises architectures. He/she will provide Leadership on Cyber security by working both with the product teams and the Global teams and helps to draw out the strategy for Ultrasound Digital products.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Key Responsibilities:

• Assess the security for software/Product architecture – guide the product architects to ensure security is built into at the design level itself.
• Own development of cyber security artifacts including threat model and lead discussion on identifying mitigations.
• Assist the Engineering teams in triaging and identification of fix for detected product vulnerabilities.
• Interact with internal / external team to co-ordinate security and privacy assessments which includes VAPT to determine compliance and security posture.
• Assist business units in the development and implementation of product security and Privacy practices including policies, standards, guidelines, and procedures.
• Verify that security and privacy requirements defined in the security plans, policies, and procedures are followed and protection measures are functioning as intended.
• Guide the business unit in their management of the resolution of security audit or review findings.
• Provide security risk management and security advice as well as advice on strategic direction relating to product and information security.
• Assist with security incidents and review risk and impact of breaches to protected systems.
• Review proposed services, engineering changes, and feature requests for security implications and needed security controls.

Qualifications/Requirements:

• Bachelor's degree in engineering
• Should have 7+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.
• Experience in Rest Api, Kubernetes and container security assessments.
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
• Good understanding of AWS services, specifically related to security.
• Experience in designing security solutions.
• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Experience and knowledge of penetration testing methodologies and tools.
• Conducting information security analyses, audits, and reviews
• Experience in Automation of pen test scenarios using Python or any other languages is mandatory
• Willingness to learn new technologies and work on security for varied products.
• Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
• Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/products architects to ensure secure products.
• Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances)
• Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA

Desired Characteristics:

• AWS Solution Architect – Associate along with AWS Security Specialty certification.
• Experience of Information security assessment in healthcare sector.
• Experience with NIST 800-53, CIS/STIG benchmark audit.
• Ideal candidate would have worked on the software development initially and then graduated in to either -S/W Lead/security assessments ensuring security in the product design.
• Exposure to privacy requirements
• Understanding of HI-TRUST and SOC2.
• Excellent Cyber Security capabilities
• Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
• Understanding of security by design principles and architecture level security concepts
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Ability to relate cyber security incidents from cross-industries.
• Good to have security certifications like OSCP/CCSP/CISSP

Inclusion and Diversity

GE HealthCare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you'd expect from an organization with global strength and scale, and you'll be surrounded by career opportunities in a culture that fosters care, collaboration and support.

Disclaimer: GE HealthCare will never ask for payment to process documents, refer you to a third party to process applications or visas, or ask you to pay costs. Never send money to anyone suggesting they can provide employment with GE HealthCare.

Relocation Assistance Provided: Yes