Job Description Summary

In this role you will be responsible to design, develop and maintain the Security posture of the enterprise level application/s. As a Cyber Security expert, you will need to work with various development process tools including threat modeling, compliance, test automation, and vulnerability technologies. You should be able to work with variety of operating systems, cloud containers, programming tools, encryption, and security controls for IaaS, PaaS, and Severless systems.

In this role, you are responsible for partnering and providing security advisory services to product managers and Senior Management to ensure that applications that we develop are secure and meet the healthcare objectives while remaining in compliance with the healthcare policies, procedures, and all related laws, rules and regulations.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Job Description

Roles and Responsibilities

In this role, you will:

• Design, develop and maintain the Security posture of the enterprise level application/s

• Work with various development process tools including threat modeling, compliance, test automation, and vulnerability technologies

• Responsible for partnering and providing security advisory services to product managers and Senior Management to ensure that applications that we develop are secure and meet the healthcare objectives

• Provide technical and process expertise for Privacy & Security throughout activity life cycle.

• Conduct or support conduct of, security risk assessments, risk gap analyses and remediation plan development

• Security Compliance maintenance and assurance

• Promote design-in of security to products, platforms, services and processes

• Manage the security vulnerabilities and risks across different applications including identifying, supporting application/system owners to manage risks and remediate vulnerabilities

• Perform technical (evaluation of technology) and non-technical (evaluation of people and operations) risk and vulnerability assessments of relevant technology focus areas (i.e., local computing environment, network and infrastructure, enclave boundary, and supporting infrastructure) and facilitate vulnerability mitigation

• Develop and support conduct of training and awareness initiatives in the areas of privacy and security

• Preparation of business cases for the implementation of control and compliance programs

• Support formulation of data security / privacy related proposal text and RFP response

• Managing adaptation and implementation of security and privacy programs in a complex, technology-oriented organization

• Identify business needs and/or customer sensitivities in the realms of security, risk, and compliance and develop solutions or services around those needs

• Coach and mentor engineering / DevOps teams to evaluate security tools, develop proof-of-concepts, and integrate tools into the DevOps pipeline

• Coach and mentor secure design, coding and testing initiatives

• Manages the design, development, implementation, and operations of all security technologies for business unit's information security functions

• Responsible for interpreting privacy and security regulatory guidelines from different countries and guiding the organization on implementation for meeting

• Communicate in a concise and effective manner changes to be implemented to the organization

• Create / Review documentation for conformance to a set of privacy and security requirements

Qualification & Experience:

• Bachelor's Degree in Computer Science or “STEM” Majors (Science, Technology, Engineering and Math)

• 12+ years of development and security experience which includes application security, mobile security, network security, OS security, Cloud Security, IoT Security

Desired Skills:

• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.

• Experience in designing security solutions and threat modeling

• Experience in Security tooling and ideation of tools which eases Pen Test/Product Security needs

• Hands-on experience in review of Static Code Analysis reports and ability to discuss with development teams for true positives.

• Hands-on experience in review of Software Component Analysis reports and ability to discuss with development teams for true positives.

• Sound understanding of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA).

• Experience and knowledge of penetration testing methodologies and tools.

• Conducting information security analyses, audits, and reviews

• Experience in Automation of pen test scenarios using Python or any other languages.

• Willingness to learn new technologies and work on security for varied products.

• Experience with Mitre and NIST Frameworks

• Solid security expertise in Containers, Kubernetes, Cloud Native Solutions and should be able to guide team in security solutioning and Pen Testing

• Should have experience in transforming DevOps to DevSecOps with exposure to tools, processes, governance

• Should guide junior members in team in Pen Testing, Vulnerability Assessment, Tooling, Security Solutioning

• Mandatory to have atleast one security certifications like OSCP/CCSP/CISSP

• Experience of Information security assessment in healthcare sector/ IoT / Embedded Security

• Experience with NIST 800-53, CIS/STIG OS and container benchmarks

• Ideal candidate would have worked on the software development initially and then graduated in to either -Software/Lead/security assessments ensuring security in the product design

• Knowledge of information system architecture and security controls (e.g., firewall and border router configurations, wireless architectures, specialized appliances)

• Sound implementation Knowledge of Cryptography, various Encryption Algorithms, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA

Inclusion and Diversity

GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support

#LI-RS1

#Hybrid

Additional Information

Relocation Assistance Provided: Yes