Principal Product Security Leader

GE HealthCare, Montreal, QC

About The Position

The Principal Product Security Leader helps to design and implement the next generation of secure healthcare devices and solutions. This includes providing product teams and owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions. The Principal Product Security Leader works with GE HealthCare product teams to implement secure design and build practices and create innovative technical solutions to privacy and security challenges. You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices. You will also assist in technical security assessments across all of GEHC. There is moderate autonomy within the role. High levels of operational judgment are required to achieve the outcomes required.

Requirements

  • Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
  • 7+ years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)

Nice To Haves

  • 5+ years of experience with cybersecurity in product development
  • Certification in cybersecurity (CISSP preferred)
  • Healthcare domain and medical device experience
  • Experience with embedded devices, enterprise solutions, and mobile app development
  • Experience with many operating systems: Enterprise Linux, Embedded Linux, Windows, Windows Server, Windows Embedded, real-time OS
  • Experience with security configuration and communication of embedded devices
  • Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth
  • Experience in a broad range of information security domains – security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management
  • Experience with Security Development Lifecycle processes such as Threat Modeling
  • Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, etc.
  • Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards
  • Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF
  • Project and program management experience
  • Organization and communication of complex information
  • An understanding of information security risk management

Responsibilities

  • Oversee security for GE HealthCare products, platforms, components, and cross-modality efforts
  • Act as a security technical lead for development programs
  • Function as the main technical point of contact for product teams as it relates to privacy and security, while also growing the security expertise of product teams
  • Build awareness of the importance of security in product management and technical teams
  • Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, and enterprise software solutions
  • Engage in application and domain-specific threat modeling and attack surface analysis and reduction
  • Lead cross-functional projects and teams in establishing security development lifecycle practices within GE HealthCare products
  • Assess and prioritize risk for legacy devices and communicate residual risk to business leaders
  • Prepare reports at appropriate levels of confidentiality for stakeholders to view
  • Support privacy and security incident response activities such as investigations, corrective actions, and preventive actions
  • Work to understand customers' privacy and security concerns and requirements
  • Respond promptly and in detail to customer queries and customer-sponsored penetration tests
  • Provide guidance on automated testing tools and techniques
  • Perform technical security assessments across the GE HealthCare product portfolio
  • Lead functional teams or projects with minimal resource requirements, risk, and/or complexity. Communicate difficult concepts and influence others' opinions on particular topics. Guide others to consider a different point of view.