Location(s): United States; Michigan, Ohio, Virginia; Glen Allen, Detroit, Cincinnati
About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
At GE Digital, we are creating technology and solutions to enable social, mobile, analytical and cloud capabilities for the Industrial Internet. The Industrial Internet is an open, global network that connects people, data and machines. It’s about making infrastructure more intelligent and advancing the industries critical to the world we live in. At GE, we believe it’s about the future of industry—energy, healthcare, transportation, manufacturing. It’s about making the world work better. GE is transforming itself to become the world's premier digital industrial company, executing critical outcomes for our customers. Explore how you can drive greater asset reliability, lower operating costs, reduce risk and accelerate operational performance with our Predix platform and software solutions. GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Role Summary: We are looking for an Sr. Product Security Analyst, with a focus on software development and operational technology (OT) solutions. In this role you will partner across GE to drive improved Software/Systems Development Lifecycle capabilities. You will also engage with manufacturing experts to design, build, and measure success of security controls in OT environments like factories and labs.
Essential Responsibilities: You are a highly technical security professional who enjoys challenging problems and has a very strong background in systems security, application security, and operational technology. In this role, you will be building relationships and providing support to product security and manufacturing teams across all GE businesses.
Develop approaches to address the implementation of software and OT security solutions
Consult development teams on security requirements and utilize common components to meet them
Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment
Create and track meaningful metrics around product cyber risk and compensating controls
Create vulnerability and incident trend analysis to improve product design
Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components
Engage and administer End Of Life processes for digital products
Engage in application and domain-specific threat modeling and attack surface analysis/reduction
Help prepare reports at appropriate levels of confidentiality for stakeholders to view
Provides guidance on automated testing tools and techniques
Maintain documentation of design patterns/recipes for common security requirements
Ensure that issues identified are appropriately prioritized and addressed in future product releases
Have a complete understanding of the various system interdependencies and limitations
Architect, design, implement, support, and evaluate security focused tools
Evaluate and recommend new and emerging security products and technologies
BS degree or higher in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math)
Minimum of 4 years IT experience, preferably within Software Security or OT/Product Security
Minimum of 2 years IT experience with operating in a secure SDLC
Must be willing to work from an office in Glen Allen, Detroit, Cincinnati, or another business hub location ,
Legal authorization to work in the U.S. is required.We will not sponsor individuals for employment visas, now or in the future, for this job.
Demonstrated understanding of technical and business strategy application to future architecture direction
Contribute to and lead discussions and communications within the team and outside, including customers and other business units
Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
Program and Project Management experience; expertise with Agile development teams
Experience with secure coding principles; code signing; secure boot and knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
Experience with penetration testing and ethical hacking
Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
Knowledge of application risk identification and evaluation techniques
Knowledge of Cyber Security and full knowledge of multiple related engineering functions
Experience securing applications within cloud platforms such as AWS, Azure etc including microservices and serverless architectures
Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
Locations: United States; Michigan, Ohio, Virginia; Glen Allen, Detroit, Cincinnati
We are in the process of transitioning to an improved job application system and in the interim we are operating with two systems. Have your Job ID ready (from the email you received when you applied) to log in and check your application status.
Click the appropriate button. If you don't know your job ID, you can still check your status: use both buttons.