Staff Product Security Engineer PCS

GE HealthCare


Job Location:

Bengaluru - India

Monthly Salary: Not Disclosed
Posted on: 7 days ago
Vacancies: 1 Vacancy

Job Summary

Job Description Summary

As a Staff Product Security Engineer within the PCS Service Technology Team, you will be the cybersecurity focal point for secure product development and maintenance of released products.

We are looking for a person with strong technical acumen in cybersecurity, preferably a person who has knowledge / expertise in device security, traditional hospital on-premises architecture and Cloud. You will provide leadership on cybersecurity by working with the product teams and the global teams, and help define the cybersecurity strategy for PCS Service Technology solutions/products.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference and every difference builds a healthier world.

Job Description

Roles and Responsibilities:

1. Provide privacy and security technical expertise in support of the product team throughout product development, design change and life-cycle management.

2. Work with the Product Security Leader (PSL) to support the product team with process expertise for the GE HealthCare (GEHC) Product Cybersecurity Standard and life-cycle management.

3. Product cybersecurity development responsibilities:

Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval

Responsible for security architecture and coordination of product development for cybersecurity features and enhancements

Own/create Threat models, Security Risk Assessment, Privacy Impact Assessment and other required Product Security / DEPS deliverables for PCS Service Technology products/platforms

Assess product components and SBoM integrated into the product

Perform defect management for cybersecurity issues

Identify operational responsibilities and adherence to cloud standards for cloud-based products

Responsible for Product and Security Manual and MDS2 documentation

4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which include:

Design input activities to identify, evaluate, roadmap and drive cybersecurity and privacy features and enhancements within product development programs

Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction

Coordinate with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments

Lead product Security Technical Design Reviews

Along with the product Lead System Designer (LSD), responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.

5. Stay current on healthcare privacy trends and regulatory environment (i.e. FDA, HIPAA, GDPR, etc.) to effectively communicate privacy awareness with the product team.

6. Work with the GEHC Product Security team and QARA on released product life-cycle, including:

Participate in post-market product vulnerability monitoring

Participate as a Subject Matter Expert to determine product vulnerability impact investigation and risk assessment.

Responsible for product vulnerability mitigation and design change.

Responsible for GEHC vulnerability tool update to ensure accurate customer communication.

7. Address customer and Sales RFP privacy and security feedback/questions.

8. Provide technical expertise on customer concerns, complaints and CSO escalations.

9. Create/Maintain responsible product records within GEHC product cybersecurity tools.

10. Active involvement in DoD RMF submission process and maintenance.

Required Qualifications:

Bachelor's degree in engineering

8 years of development and security experience, which includes application security, mobile security, network security, OS security and Cloud Security.

Product/Information security experience in all phases of service/product development and deployment, including architecture, design, development, testing and deployment.

Experience in designing security solutions.

Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.

Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests and security incident response

Experience and knowledge of penetration testing methodologies and tools.

Conducting information security analyses, audits and reviews

Willingness to learn new technologies and work on security for varied products.

Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities and resolve conflicts among project stakeholders

Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/product architects to ensure secure products.

Knowledge of information system architecture and security controls (e.g. firewall, specialized appliances)

Sound understanding of Cryptography, various Encryption Algorithms, Code Signing, Public Key Infrastructure (PKI) and Certificate Authority (CA), OAuth authentication, 2FA

Desired Characteristics:

Hands-on experience with AWS services; AWS Solution Architect Associate certification.

Experience in REST API, Kubernetes and container security assessments

Experience of Information security assessment in healthcare sector.

Exposure to privacy requirements

Understanding of security by design principles and architecture level security concepts

Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities

Ability to relate cyber security incidents from cross-industries.

Good to have security certifications like OSCP/CCSP/CISSP

Additional Information

Relocation Assistance Provided: Yes


Required Experience:

Staff IC

About Company

GE HealthCare provides digital infrastructure, data analytics & decision support tools that help in the diagnosis, treatment and monitoring of patients
