General Electric Madison, WI 53706
Principal Product Security Leader
Posted 9/21/2018 5:06:43 PM
Job Function: Digital Technology
Business Segment: Healthcare Digital Technology
Location(s): United States; Wisconsin; Milwaukee, Madison
GE Healthcare is looking for a Principal Product Security Leader to help design and implement the next generation of secure healthcare devices and solutions. This includes providing development teams and product owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.
The Principal Product Security Leader works across key GEHC design engineering teams to implement secure design and build practices and create innovative technical solutions to security challenges.
You will be working directly with product development teams assessing and assisting in the design, development, and implementation of security into solutions that interoperate from the body out to the cloud and back again. You will analyze system designs and implementations from a security perspective, and uncover subtle security issues that appear under unexpected threat scenarios. You will determine the likelihood of loss and the appropriate mitigations based on those unexpected threats and work with the product development teams as they design, implement and deploy those mitigations.
You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices. You will also assist in technical security assessments across all of GEHC.
You are a security leader who thrives on addressing real-world problems and is not averse to building security tools and processes when off-the-shelf solutions just don't fit. Most importantly, you are a savvy communicator and leader that can translate security risks to business terms in an accurate and compelling manner for both technical and non-technical stakeholders.
As a Principal Product Security Leader, you will:
Oversee security for Critical Care Solutions teams and products
Act as a security technical lead for development programs
Function as the main technical point of contact for product teams as it relates to cybersecurity and privacy, while also growing the security expertise of product teams
Build awareness of the importance of security in product management and technical teams
Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, enterprise software solutions, and mobile apps
Engage in application and domain-specific threat modeling and attack surface analysis and reduction
Lead cross-functional projects and teams in establishing security development lifecycle practices within healthcare products
Assess and prioritize risk for legacy devices and communicate residual risk to business leaders
Prepare reports at appropriate levels of confidentiality for stakeholders to view
Support Privacy and Security incident response activities pertinent to design engineering and secure development through investigations, corrective actions, and preventive actions
Work directly with customers to understand their Privacy and Security concerns and requirements
Produce product assessment results suitable for customers
Respond promptly and in detail to customer queries and customer-sponsored penetration tests
Provide guidance on automated testing tools and techniques
Perform technical security assessments across the GE Healthcare product portfolio
Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
Minimum 8 years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
Must be willing to travel up to 20%
Must be willing to work out of a GE Healthcare office location in Milwaukee or Madison, WI or a remote home office
3-5 years of experience with information security in product development
Certification in cybersecurity (CISSP preferred)
Healthcare domain and medical device experience
Experience with embedded devices, enterprise solutions, and mobile app development
Experience with many operating systems: Enterprise Linux, Embedded Linux, Android, iOS, Windows, Windows Server, Windows Embedded
Experience with security configuration and communication of embedded devices
Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth
Experience with real-time network protocols, such as DDS (Data Distribution Service)
Experience in a broad range of information security domains: security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management
Experience with Security Development Lifecycle processes such as Threat Modeling
Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, fuzzers, etc.
Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards
Experience with OWASP, CVSS, FIPS 140-2, and DoD RMF
Project and program management experience
Organization and communication of complex information
An understanding of information security risk management: exposure to risk concepts and models like FAIR, OCTAVE, etc.
Seek, share and implement best practices with the other GE cybersecurity leaders and potentially external industry partners
Maintain the strategic roadmap for cybersecurity initiatives and measure program effectiveness.
Provide regular program updates to Product Security leadership, the GEHC CISO, and other stakeholders.
Establish and maintain relationships with stakeholders including CTOs, Service Leaders, Legal, and regional commercial leaders.
Work with engineering Product Security Representative and Cyber Security Product Security Leaders on product security solutions.
Aid in the development and enforcement of GE-wide policies & standards and assist technology teams with implementation.
Define technology security requirements and communicate to system owners through effective security programs and training.
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening.