Staff Product Security Analyst (Hybrid)

GE Healthcare - Milwaukee, WI

posted 2 months ago

Full-time - Mid Level
Milwaukee, WI
Chemical Manufacturing

About the position

Join a dynamic team that's transforming how Patient Monitoring at GE HealthCare is architected and delivered to our customers. As a Staff Product Security Analyst, you'll be working on a new state-of-the-art solution that provides clinical intelligence at the point of need for caregivers. This position requires a strong focus on defining cyber security and privacy requirements, as well as analyzing security vulnerabilities of a new system. A comprehensive understanding of system design is essential, along with strong analysis and problem-solving skills. You will be an integral part of the Monitoring Transformation at GE HealthCare, contributing to the development of innovative solutions that enhance patient care and safety. In this role, you will collaborate with product managers, independent researchers, and in-house researchers to identify, rate, report, and manage product vulnerabilities and incidents. You will utilize threat modeling tools to identify security concerns within systems and develop methods to implement security controls based on the system threat model. Additionally, you will be responsible for developing approaches to address the implementation of Identity and Access Management (IdAM) solutions as part of enterprise security services, including mobile devices. Your expertise will guide developers on security requirements and ensure that identified issues are prioritized and addressed in future product releases. You will also evaluate and recommend new and emerging security products and technologies, scope and participate in hardware and software penetration tests, and engage in incident response methods. Your role will involve creating and tracking meaningful metrics around product cyber risk and compensating controls, as well as preparing reports at appropriate levels of confidentiality for stakeholders. Maintaining effective quality systems compliant with GE HealthCare Quality policies and driving continuous improvement activities will also be key aspects of your responsibilities.

Responsibilities

  • Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
  • Use threat modeling tools to identify security concerns within systems.
  • Develop methods to implement security controls based on the system threat model.
  • Develop approaches to address the implementation of Identity and Access Management (IdAM) solutions as part of enterprise security services including mobile devices.
  • Consult with developers on security requirements and utilize common components to meet them.
  • Ensure that issues identified are appropriately prioritized and addressed in future product releases.
  • Have a complete understanding of the various interdependency and limitations as they refer to security controls within the system.
  • Evaluate and recommend new and emerging security products and technologies.
  • Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
  • Engage in incident response methods lead incident response processes related to product cyber.
  • Create and track meaningful metrics around product cyber risk and compensating controls.
  • Create vulnerability and incident trend analysis to improve product design.
  • Maintain SBOMs and conduct proactive vulnerability monitoring and assessment on cyber components.
  • Prepare reports at appropriate levels of confidentiality for stakeholders to view.
  • Maintain effective quality systems compliant with GE HealthCare Quality policies.
  • Develop continuous improvement activities by driving the implementation of process and product quality improvement initiatives.

Requirements

  • Bachelor's degree in Computer Science, Electrical Engineering, Biomedical Engineering, System Engineering or closely related discipline.
  • Minimum of 6 years of engineering experience or equivalent in a related field.
  • Understanding system design concepts and subsystem interactions and interfaces.
  • Experience with networking, computers, and operating systems.
  • Effective oral and written communication skills.

Nice-to-haves

  • Master's degree in Computer Science, Electrical Engineering or other closely related fields.
  • Experience working with Linux OS, Windows OS, and VM environments.
  • Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance.
  • Program and Project Management experience; expertise with Agile development teams.
  • Experience with secure coding principles; code signing; secure boot.
  • Experience with penetration testing and ethical hacking.
  • Experience in Identity management and identity federation tools. (SAML, Oauth, SCIM, XACML).
  • Experienced in developing web services (SOAP/REST).
  • Knowledge of application risk identification and evaluation techniques.
  • Knowledge of Cyber Security and full knowledge of multiple related engineering functions.
  • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment.
  • Demonstrated problem solving ability and results orientation.
  • Demonstrated technical leadership capability working on a product development team.
  • Experience working on medical device programs.

Benefits

  • Health insurance
  • Relocation assistance

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service