GE Healthcare
Staff Product Security Analyst (Hybrid)
GE Healthcare, Waukesha, Wisconsin, United States, 53188
Job Description Summary
Join a dynamic team that’s transforming how Patient Monitoring at GE HealthCare is architected and delivered to our customers. As a Staff Product Security Analyst, you’ll be working on a new state-of-the-art solution that provides clinical intelligence at the point of need for caregivers. With a focus on defining cyber security and privacy requirements and analyzing security vulnerabilities of a new system, this position requires understanding of the system design, and requires strong analysis and problem-solving skills. Join the Monitoring Transformation at GE HealthCare!
Job Description
Responsibilities:
Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
Use threat modeling tools to identify security concerns within systems.
Develop methods to implement security controls based on the system threat model.
Develop approaches to address the implementation of Identity and Access Management (IdAM) solutions as part of enterprise security services including mobile devices.
Consult with developers on security requirements and utilize common components to meet them.
Ensure that issues identified are appropriately prioritized and addressed in future product releases.
Have a complete understanding of the various interdependencies and limitations as they relate to security controls within the system.
Evaluate and recommend new and emerging security products and technologies.
Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
Engage in incident response methods and lead incident response processes related to product cyber.
Create and track meaningful metrics around product cyber risk and compensating controls.
Create vulnerability and incident trend analysis to improve product design.
Maintain SBOMs and conduct proactive vulnerability monitoring and assessment on cyber components.
Prepare reports at appropriate levels of confidentiality for stakeholders to view.
Maintain effective quality systems compliant with GE HealthCare Quality policies.
Develop continuous improvement activities by driving the implementation of process and product quality improvement initiatives.
Qualifications/Requirements:
Bachelor’s degree in Computer Science, Electrical Engineering, Biomedical Engineering, System Engineering or closely related discipline.
Minimum of 6 years of engineering experience or equivalent in a related field.
Understanding of system design concepts and subsystem interactions and interfaces.
Experience with networking, computers, and operating systems.
Effective oral and written communication skills.
Desired:
Master’s degree in Computer Science, Electrical Engineering or other closely related fields.
Experience working with Linux OS, Windows OS, and VM environments.
Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance.
Program and Project Management experience; expertise with Agile development teams.
Experience with secure coding principles; code signing; secure boot.
Experience with penetration testing and ethical hacking.
Experience in identity management and identity federation tools (SAML, OAuth, SCIM, XACML).
Experienced in developing web services (SOAP/REST).
Knowledge of application risk identification and evaluation techniques.
Knowledge of Cyber Security and full knowledge of multiple related engineering functions.
Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment.
Demonstrated problem solving ability and results orientation.
Demonstrated technical leadership capability working on a product development team.
Experience working on medical device programs.
Self-starter, energizing, results oriented and able to multi-task.
Strong desire to drive change and improvements in processes and designs.
Excellent teamwork, coordination, and communication skills.
GE HealthCare offers a great work environment, professional development, challenging careers, and competitive compensation. GE HealthCare is an Equal Opportunity Employer (https://www.eeoc.gov/sites/default/files/2022-10/22-088_EEOC_KnowYourRights_10_20.pdf). Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE HealthCare will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.
Relocation Assistance Provided: Yes