Staff Product Security Analyst (Hybrid)

GE Healthcare - Milwaukee, WI

posted 2 months ago

Full-time - Mid Level
Milwaukee, WI
Chemical Manufacturing

About the position

Join a dynamic team that's transforming how Patient Monitoring at GE HealthCare is architected and delivered to our customers. As a Staff Product Security Analyst, you'll be working on a new state-of-the-art solution that provides clinical intelligence at the point of need for caregivers. This position focuses on defining cyber security and privacy requirements and analyzing security vulnerabilities of a new system. It requires a deep understanding of system design and strong analysis and problem-solving skills. You will be an integral part of the Monitoring Transformation at GE HealthCare, contributing to the security and integrity of our products and services. In this role, you will collaborate with product managers, independent researchers, and in-house researchers to identify, rate, report, and manage product vulnerabilities and incidents. You will utilize threat modeling tools to identify security concerns within systems and develop methods to implement security controls based on the system threat model. Additionally, you will consult with developers on security requirements and ensure that issues identified are appropriately prioritized and addressed in future product releases. Your responsibilities will also include evaluating and recommending new and emerging security products and technologies, scoping and participating in hardware and software penetration tests, and engaging in incident response methods. You will create and track meaningful metrics around product cyber risk and compensating controls, as well as maintain Software Bill of Materials (SBOMs) and conduct proactive vulnerability monitoring and assessment on cyber components. Reporting at appropriate levels of confidentiality for stakeholders will be essential, as will maintaining effective quality systems compliant with GE HealthCare Quality policies. You will also drive continuous improvement activities by implementing process and product quality improvement initiatives.

Responsibilities

  • Work with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
  • Use threat modeling tools to identify security concerns within systems.
  • Develop methods to implement security controls based on the system threat model.
  • Develop approaches to address the implementation of Identity and Access Management (IdAM) solutions as part of enterprise security services including mobile devices.
  • Consult with developers on security requirements and utilize common components to meet them.
  • Ensure that issues identified are appropriately prioritized and addressed in future product releases.
  • Have a complete understanding of the various interdependency and limitations as they refer to security controls within the system.
  • Evaluate and recommend new and emerging security products and technologies.
  • Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
  • Engage in incident response methods lead incident response processes related to product cyber.
  • Create and track meaningful metrics around product cyber risk and compensating controls.
  • Create vulnerability and incident trend analysis to improve product design.
  • Maintain SBOMs and conduct proactive vulnerability monitoring and assessment on cyber components.
  • Prepare reports at appropriate levels of confidentiality for stakeholders to view.
  • Maintain effective quality systems compliant with GE HealthCare Quality policies.
  • Develop continuous improvement activities by driving the implementation of process and product quality improvement initiatives.

Requirements

  • Bachelor's degree in Computer Science, Electrical Engineering, Biomedical Engineering, System Engineering or closely related discipline.
  • Minimum of 6 years of engineering experience or equivalent in a related field.
  • Understanding system design concepts and subsystem interactions and interfaces.
  • Experience with networking, computers, and operating systems.
  • Effective oral and written communication skills.

Nice-to-haves

  • Master's degree in Computer Science, Electrical Engineering or other closely related fields.
  • Experience working with Linux OS, Windows OS, and VM environments.
  • Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance.
  • Program and Project Management experience; expertise with Agile development teams.
  • Experience with secure coding principles; code signing; secure boot.
  • Experience with penetration testing and ethical hacking.
  • Experience in Identity management and identity federation tools. (SAML, Oauth, SCIM, XACML).
  • Experienced in developing web services (SOAP/REST).
  • Knowledge of application risk identification and evaluation techniques.
  • Knowledge of Cyber Security and full knowledge of multiple related engineering functions.
  • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment.
  • Demonstrated problem solving ability and results orientation.
  • Demonstrated technical leadership capability working on a product development team.
  • Experience working on medical device programs.
  • Self-starter, energizing, results oriented and able to multi-task.
  • Strong desire to drive change and improvements in processes and designs.
  • Excellent teamwork, coordination, and communication skills.

Benefits

  • Relocation Assistance Provided

Tools

Career Hubs

Guides

Company

© 2024 Teal Labs, Inc
Privacy PolicyTerms of Service