Location(s): United States; Michigan, Ohio, Virginia; Glen Allen, Cincinnati, Van Buren
About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
At GE Digital, we are creating technology and solutions to enable social, mobile, analytical and cloud capabilities for the Industrial Internet. The Industrial Internet is an open, global network that connects people, data and machines. It’s about making infrastructure more intelligent and advancing the industries critical to the world we live in. At GE, we believe it’s about the future of industry—energy, healthcare, transportation, manufacturing. It’s about making the world work better. GE is transforming itself to become the world's premier digital industrial company, executing critical outcomes for our customers. Explore how you can drive greater asset reliability, lower operating costs, reduce risk and accelerate operational performance with our Predix platform and software solutions. GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Role Summary: We are looking for a Staff Product Security Analyst to work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to identify inherent cyber security risks and to develop and track controls to reduce risk within GE’s products. This role will blend strong technical expertise and program management skills.
You are a skilled security Engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.
Responsible for serving as key technical subject matter expert on PSIRT to work with global development teams to understand risk associated with vulnerabilities and define remediation activities
Responsible for supporting the replication, organizing, tracking, and reporting of vulnerabilities and work with global development teams to identify and categorize threats and risk to their security posture
Must be available for on call for potential security response
Evaluate emerging technologies / tools to detect, mitigate, triage, and remediate product security defects
Responsible for development and review of comprehensive technical product write-ups in coordination with stakeholders
Interface with fellow team members, colleagues on the GE security teams, business partners, management, vendors, and external parties for best practice and integration purposes patch validation activities
Engage in application and domain-specific threat modeling and attack surface analysis/reduction
Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
Promotes best practices and design patterns
Provides guidance on automated testing tools and techniques
Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math). In lieu of degree, 5 years experience in cyber security, cyber intelligence or relevant military experience is acceptable.
Minimum of 5 years Operational Technology (OT) experience or Cyber Security experience
Eligibility Requirements: (Country Specific)
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
Must be willing to travel up to 15%
Must be willing to work out of an office located in Cincinnati, Ohio or Glen Allen, Virginia
Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
Program and Project Management experience; expertise with Agile development teams
Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
Knowledge of application risk identification and evaluation techniques
Knowledge of Cyber Security and full knowledge of multiple related engineering functions
Experience securing applications within cloud platforms such as AWS, Azure and alike.
Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
Locations: United States; Michigan, Ohio, Virginia; Glen Allen, Cincinnati, Van Buren
We are in the process of transitioning to an improved job application system and in the interim we are operating with two systems. Have your Job ID ready (from the email you received when you applied) to log in and check your application status.
Click the appropriate button. If you don't know your job ID, you can still check your status: use both buttons.