Job Description Summary

As a Staff Product Security Analyst you will be part of the GE HealthCare DCAR team with the vision of building and sustaining product competencies and customer orientation to provide timely patient care. We are looking for a person with strong technical acumen in Privacy and Cyber Security. The individual should have strong understanding of Security frameworks such as NIST 80053 NIST CSF ISO27001 and associated controls. He/she will provide Leadership on Cyber security by working both with the product teams and the Global teams and helps to address Cyber Security Problems. The individual will work with the Engineering teams to implement the security controls to safeguard GE HealthCare products.

Job Description

Roles and Responsibilities

• Own development of cyber security artifacts including threat model and lead discussion on identifying mitigations.
• Assist the Engineering teams in triaging and identification of fix for detected product vulnerabilities.
• Interact with internal / external teams to coordinate security and privacy assessments which includes VAPT to determine compliance and security posture.
• Regularly monitor the cyber security vulnerabilities in the 3rd part libraries used in the product and ensure those vulnerabilities are addressed in a timely manner
• Respond to Cyber Security Inquiries for GE HealthCare and OEM Products
• Respond to customer complaints related to Cyber Security issues in the products
• Document security artifacts based on GE HealthCare Quality System
• Assess the security for software/Product architecture guide the product architects to ensure security is built into at the design level itself.
• Verify that security and privacy requirements defined in the security plans policies and procedures are followed and protection measures are functioning as intended.
• Assist business units in the development and implementation of product security and Privacy practices including policies standards guidelines and procedures.
• Assess SAST and DAST reports analyse the findings and work with development teams to fix the findings
• Security Point of Contact for development teams to ensure GEHC SDLC principles are adhered

Desired Experience

• Bachelors degree in engineering
• Should have 7 years of development and security experience which includes application security mobile security network security OS security and Cloud Security.
• Product/Information security experience in all phases of service/product development and deployment including architecture design development testing and deployment.
• Good understanding of AWS services specifically related to security.
• Experience in designing security solutions.
• Strong knowledge of Microsoft STRIDE Threat Model tool and framework
• Handson experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Experience and knowledge of penetration testing methodologies and tools.
• Knowledge of information system architecture and security controls (e.g. firewall specialized appliances)
• Sound understanding of Cryptography various Encryption Algorithms Public key Infrastructure (PKI) and Certificate Authority (CA) OAUTH authentication 2FA
• Willingness to learn new technologies and work on security for varied products.
• Understanding of NIST 80053 NIST CSF ISO27001 standards

Preferred Skills

• Exposure to privacy requirements HIPAA GDPR DPDP Act
• Excellent Cyber Security capabilities
• Strong knowledge of secure software development lifecycle and practices such as threat modelling security reviews penetration tests and security incident response
• Understanding of security by design principles and architecture level security concepts
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Ability to relate cyber security incidents from crossindustries.
• Good to have security certifications like CompTIA Security CEH

Inclusion and Diversity :

GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race color religion national or ethnic origin sex sexual orientation gender identity or expression age disability protected veteran status or other characteristics protected by law. We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus and drive ownership always with unyielding integrity. Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into worldchanging realities. Our salary and benefits are everything youd expect from an organization with global strength and scale and youll be surrounded by career opportunities in a culture that fosters care collaboration and support. #L1Hybrid

Additional Information