Job Description Summary
GE Vernova is seeking a highly skilled and experienced Senior Cyber Security Architect to join the Product Security team focusing on the Wind portfolio of products. This role is responsible for conducting in-depth cyber security assessments of wind farm design and architecture at both the product and component levels. This includes leading these assessments in accordance with GE Vernova's Secure Development Lifecycle (SDL) process aligned with IECand reviewing applicable requirements outlined in IECand IECstandards. The role involves collaboration with various subsystem teams to identify relevant products and execute these assessments.
This position reports to Wind's Product Security Leader, who oversees Wind's Product Security Team. The Product Security Team drives a product cyber security strategy aimed at meeting applicable standards and regulations while leading the industry towards more fundamentally secure wind farms.
Job Description
Essential Responsibilities
- Perform security assessments following the defined engineering processes to discover design flaws, vulnerabilities, weaknesses, and missing security controls, and support the secure implementation of security features.
- Lead and conduct comprehensive cybersecurity assessments of wind turbine components, SCADA systems, Wind Farm software, and digital service platforms in accordance with IECand IECstandards.
- Document security assessments with sufficient detail to underwrite the cyber security reviews.
- Represent the cyber security team in applicable design reviews and contribute to cyber security related milestones, deliverables, and/or tasks.
- Identify and document security vulnerabilities, risks, and non-conformities within products and systems.
- Develop recommendations for effective security controls and mitigation strategies to address identified risks.
- Collaborate closely with product development, engineering, and R&D teams to integrate security-by-design principles throughout the product lifecycle.
- Provide expert guidance on the interpretation and application of the IEC 62443 series of standards (specifically IECand IEC) during the requirements definition and design phases.
- Perform threat modeling and risk assessments for new and existing products and features.
- Evaluate the security posture of industrial protocols commonly used in wind farms and other industrial control environments (e.g. Modbus TCP, DNP3, OPC UA, IEC 61850).
- Stay current with emerging product cyber security regulations, standards, threats, vulnerabilities, and technologies relevant to Wind and industrial control systems in general.
- Contribute to the development and improvement of internal product security processes and guidelines.
- Propose recommendations and facilitate discussion on high-level, wind-farm-level security improvements that can be driven across subsystems.
- Work with product management and development teams to set the technical cyber security roadmap.
- Work with development teams to guide and ensure consistent adoption of the technologies, including security solutions (e.g. Antivirus).
- Together with the product teams, ensure the security features and architecture are aligned with the evolving cyber security regulations within the industry.
- Review customer-facing documentation to align it with security best practices and the as-designed security requirements.
- Contribute to the development and improvement of internal product security processes and guidelines, including hardening guides.
- Support incident response activities related to product security vulnerabilities.
Required Qualifications
- Bachelor's Degree from an accredited university in Engineering, Computer Science, Cybersecurity, Information Technology, or related field. Alternative acceptable experience will be considered on a case-by-case basis.
- Minimum 8 years of experience in cybersecurity, with at least 3 years focused on industrial control systems (ICS), operational technology (OT), or product security.
Desired Characteristics
- Demonstrable in-depth knowledge and practical experience with the IEC 62443 series of standards, specifically:
- IEC(Technical security requirements for IACS components)
- IEC(Security risk assessment and system design)
- (Secure product development lifecycle requirements)
- Strong knowledge of cyber security best practices and frameworks (e.g. NIST CSF, OWASP Top 10).
- Strong understanding of industrial communication protocols used in power generation, wind farms, SCADA systems, and other industrial environments (e.g. Modbus, DNP3, OPC DA, AE, UA, IEC 61850).
- Demonstrated experience with Microsoft Windows and/or Linux operating systems, including access and identity management, system hardening & device control, and patch management.
- Demonstrated knowledge and understanding of cybersecurity solutions (e.g. Firewalls, antivirus, security incident and event management systems, intrusion detection systems, intrusion prevention systems), including experience providing installation/configuration recommendations.
- Knowledge of logging best practices.
- Experience using cyber security vulnerability tools (e.g. Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), or other weakness / vulnerability scanning tools).
- Familiarity with Industrial Automation and Control Systems products and components, including PLCs, SCADA, and DCS.
- Ability to work independently and collaboratively as necessary with a cross-functional team.
- Working knowledge of electrical power industry technology, preferably Renewables or Wind.
- Strong oral and written communication skills. Demonstrated ability to analyze and resolve problems.
- Demonstrated ability to lead, document, plan, market, and execute security assessments. Established project management skills.
- Master's degree in a relevant field.
- Wind Turbine product knowledge and/or SCADA product/cyber security knowledge.
- Knowledge and understanding of network cyber security practices.
- Familiarity with containerization technologies (Docker, Kubernetes) and associated security best practices.
- Cyber security certification (ex. GICSP, CEH, CCNA, CISSP).
- Experience with cloud security principles and practices.
- Experience with secure coding practices in any language.
- Experience with penetration testing and vulnerability assessment tools for OT environments.
- Familiarity with functional safety standards (e.g. IEC 61508) as they intersect with cybersecurity.
The salary range for this position is $111,200 - $185,400 USD Annual. The specific salary offered to a candidate may be influenced by a variety of factors, including the candidate's experience, their education, and the work location. In addition, this position is eligible for a performance bonus/variable incentive compensation. This posting is expected to close on August 15th or thereafter.
*The Company pays a geographic differential of 110%, 120%, or 130% of salary in certain areas.
Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach, a 24/7 nurse-based resource; and access to the Employee Assistance Program, providing 24/7 confidential assessment, counseling, and referral services. Retirement benefits include the GE Retirement Savings Plan, a tax-advantaged 401(k) savings opportunity with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.
General Electric Company, Ropcor, Inc., their successors, and in some cases their affiliates, each sponsor certain employee benefit plans or programs (i.e. is a Sponsor). Each Sponsor reserves the right to terminate, amend, suspend, replace, or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor's welfare benefit plan or program. This document does not create a contract of employment with any individual.
GE Vernova will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).
Relocation Assistance Provided: Yes
Required Experience:
Senior IC