About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
Role Summary: We are looking for an Sr. Product Security Analyst, with a focus on software development and operational technology (OT) solutions. In this role, you will partner across GE to drive improved Software/Systems Development Lifecycle capabilities. You will also engage with manufacturing experts to design, build, and measure success of security controls in OT environments like factories and labs.
Essential Responsibilities: You are a highly technical security professional who enjoys challenging problems and has a very strong background in systems security, application security, and operational technology. In this role, you will be building relationships and providing support to product security and manufacturing teams across all GE businesses. • Enable & support JFWTC IT Security leader on building infrastructure & capabilities for the Product Cyber security lab.
• Support JFWTC IT Security Leader & GRC PSL on all Product Cyber security requirements of 11 businesses located at JFWTC. Scope of work includes businesses of GRC, Aviation, Transportation, Oil & Gas, Power, Digital, Intelligent Platforms, Renewable Energy, Energy Connections, Corporate & Wipro GE Healthcare.
• Provide subject matter expertise for security testing, security architecture review – knowledge of available testing tools, architecture references.
• Execute Product cyber security projects at JFWTC based on global requirement from business PSLs.
• Enable regional / Global teams on OT / lab specific initiatives.
• Driving execution against the GE Product Security Policy and Implementation.
• Support GRC PSL & IT Security Leader on piloting new products like Edge to cloud & promote GE offerings of Predix, Wurldtech, MFA, SAST, DAST etc.
• Secure Development Lifecycle (Educating staff at JFWTC, defining scope of SDLC for projects across the businesses, helping to walk each project through its SDLC requirements following scope, providing cost estimates for SDLC work, alignment with GRC PSL).
• Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment.
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction.
Qualifications/Requirements: BS degree or higher in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) Degree requirements may be replaced with significant professional experience Minimum of 5 years IT experience, preferably within Software Security or OT/Product Security Minimum of 3 years IT experience with operating in a secure SDLC #DTR
Desired Characteristics: • Demonstrated understanding of technical and business strategy application to future architecture direction • Contribute to and lead discussions and communications within the team and outside, including customers and other business units • Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance • Program and Project Management experience; expertise with Agile development teams • Experience with secure coding principles; code signing; secure boot and knowledge of CI/CD and automation tools (Chef, Git, Jenkins) • Experience with SDLC, Secure code review & penetration testing • Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML) • Knowledge of application risk identification and evaluation techniques • Knowledge of Cyber Security and full knowledge of multiple related engineering functions • Experience securing applications within cloud platforms such as AWS, Azure etc including microservices and server less architectures • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
We are in the process of transitioning to an improved job application system and in the interim we are operating with two systems. Have your Job ID ready (from the email you received when you applied) to log in and check your application status.
Click the appropriate button. If you don't know your job ID, you can still check your status: use both buttons.