Product Security Analyst

Job Location

Bengaluru - India

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

Job Description Summary

As a Product Security Analyst, you will collaborate with development teams to complete security testing and tool development for our GEHC products. You will be responsible for performing VAPT for thick and thin clients, web services, embedded devices, and cloud; conducting compliance/benchmark assessments using DISA STIGs/CIS Benchmarks; reviewing, testing, and suggesting best practices for cryptography and PKI (web and non-web perspective); and conducting source code review and discussing with development teams how to mitigate the issues and eliminate false positives.

GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference and every difference builds a healthier world.

Job Description

Roles and Responsibilities

You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security, and application security.

In this role you will:

Work with product managers, independent researchers, and in-house researchers to identify, rate, report, and manage product vulnerabilities and incidents.
Be responsible for providing technical leadership and for defining, developing, and evolving security within software in a fast-paced and agile development environment, using the latest secure software development technologies and infrastructure.
Work with Cyber Security Leaders and SMEs to understand product requirements
Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards
Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features
Perform Security Code Reviews, Vulnerability Analysis, and research on application code
Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera)
Engage subject matter experts in successful transfer of complex domain knowledge
Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security
Provide guidance and advice on writing secure code that meets standards and delivers desired functionality using the technology selected for the project
Understand application security methodologies and frameworks
Leverage GE Digital's tailored Secure SDL practice in specific engineering engagements
Research new application security technologies and implement them to improve application security.
Maintain a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL.

Write fuzz scenarios to break network protocol suites such as TCP/IP, IPv6, UDP, TLS, and DTLS.

Ability to automate attack scenarios to avoid repetitive work.

Good to have experience in Bluetooth/Wi-Fi or any radio-based attacks.

Good to have experience in REST API security testing and recommending best practices while opting for OAuth or OpenID Connect.

Having experience working on an IoT platform will be beneficial.

Required Skills

Professional expertise with Kali Linux, Metasploit, Meterpreter.

Hands-on experience in Windows/Linux and network security.

Execute scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk, etc.

Education Qualification

Bachelor's Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math) with a minimum of 3 years of experience in systems security, product / OT security, and application security.

Desired Characteristics

Certifications: OSCP, CCSP.

Languages: C/C++/Java/Python/Ruby

Proven experience in breaking vulnerable boxes.

Adaptable to learn new skills or technologies as per business needs.

Detailed working knowledge of two modern programming languages such as Java, Python, or Ruby
Good written and oral communication skills and a successful security consulting background.
At least 2 years of security consulting involvement with development team(s) that delivered software-based services
Experience in developing secure applications
A high-energy and result-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down
Experience with Security Development Lifecycle processes such as Threat Modeling desired
Contribute to and lead discussions and communications within the team and outside, including customers and other business units
Excellent knowledge of Object Oriented Analysis and Design, Software Design Patterns, and coding principles
Hands-on experience with developing cloud-deployed applications that utilize OAuth 2
Hands-on experience with developing RESTful web services
Mobile Architecture experience designing, developing, and integrating solutions.
Experience with penetration testing tools; ability to replicate security defects uncovered by groups such as GE's red team
Good understanding of security tools and technologies to facilitate secure development

Inclusion and Diversity

GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status, or other characteristics protected by law.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus; and drive ownership, always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you'd expect from an organization with global strength and scale, and you'll be surrounded by career opportunities in a culture that fosters care, collaboration, and support.

#Hybrid

Additional Information

Relocation Assistance Provided: Yes


Required Experience:

IC

Employment Type

Full-Time
