Sr Product Security Analyst

**Job Description Summary****

As a key member of a global and matrixed design team, Sr Product Security Analyst is responsible for

-Cyber security analysis of controllers, Control systems.

-Lead the software and hardware penetration testing activates

-Work in Collaboration with development teams to improve SDLC process, OSS/SAST/DAST scans.

-Streamline SBOM generation.

-Lead the cyber security testing for GE Vernova Power Conversion products and analyze the reports and suggest remediation strategy.

-Identify Product vulnerabilities, rate and report to development team.

Job Description

Essential Responsibilities:

Lead reviews, suggest architectural changes, conduct tests to ensure systems, controllers, meet Cyber security requirements. Collaborates with a team of controls and system engineers developing operational software for various subsystems. The position requires a clear understanding of OT System, and conversant with all Cyber security requirements.

This role requires strong cooperation with system and subsystem teams necessary for command and control of the systems involved. The Security Analyst should be comfortable making design decisions in a sometimes-uncertain context, crafting innovative solutions, and demonstrating rigorous and decisive leadership. Work with multiple teams in dierent location to deliver Cyber secure software to meet customer requirements.

Roles and Responsibilities

You are a skilled Security Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will be working with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.

In this role, you will:

• Be responsible for providing technical leadership and defining, developing security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
• Work with Cyber Security Leaders and SMEs to understand product requirements.
• Hands on experience with penetration testing for software applications, Systems, Web Application, mobile application, controllers.
• Work on Cybersecurity tools like Wireshark, NESSUS and Burp Suite
• Experienced in different phases of Software Development Life cycle (SDLC) including Design, Implementation and Testing during the development of software applications.
• Assist security champions in completing Threat Modelling and Architecture Risk Analysis on product features.
• Perform Security Code Reviews, Vulnerability Analysis and research on application code.
• Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera)
• Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project.
• Research new application security technologies and implement them to improve application security.
• Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development.
• Promote best practices based on OWASP Top 10, SANS Top 25, and the GE Vernova SDLC.

Education/Qualification

• Bachelor /master's degree in IT/computer science or relevant engineering or equivalent knowledge / experience with 8-10 Years of Experience
• Strong understanding of fundamentals in networking, ethical hacking, cryptography, penetration testing, vulnerability analysis, risk assessment, threat modelling, cybersecurity standards like ISO 27000 and ISA/IEC 62443.
• Database RDBMS, MySQL NoSQL databases
• Software component: MS Visual Studio, MS Office, MS Visio, GitHub
• Linux and Windows OS
• Hands on experience with Enterprise Application and Web Application servers like Tomcat, and WLP.
• Certifications like CEH, OSCP, PNPT will be an added advantage.