Business Segment: Digital Predix Products & Technology
Location(s): Russian Federation; Moscow
About Us: GE (NYSE: GE) is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. GE is organized around a global exchange of knowledge, the "GE Store," through which each business shares and accesses the same technology, markets, structure and intellect. Each invention further fuels innovation and application across our industrial sectors. With people, services, technology and scale, GE delivers better outcomes for customers by speaking the language of industry. www.ge.com
Business Overview: GE Digital is the team behind Predix, the world's first cloud-based industrial operating system, empowering millions of businesses to run smarter and improve people's lives. We build the software that transforms the way people connect with their data, devices and machines. www.ge.com/digital/
Predix is a GE’s cloud platform for the Industrial Internet. It is a Platform-as-a-Service (PaaS) for developing, deploying, and monetizing Industrial Internet applications. Predix powers advanced industrial applications for power generation and distribution, oil and gas, mining, healthcare, manufacturing, transportation, aviation, intelligent infrastructure, and more. www.predix.io
Role Summary: The Principal Product Security Leader will own project management, design, delivery, and drive implementation of security and compliance controls for securing GE Digital (Predix) initiatives. Specifically, this role will involve the development and implementation of a comprehensive roadmap of the security and compliance controls for enterprise software solutions essential to external customers on Predix.
Essential Responsibilities: In this role, you will:
• Lead and execute delivery and implementation of key security & compliance controls for securing Predix initiatives according to both GE Digital standards and Russian legislation requirements • Work in partnership with the Predix development squads to ensure that cyber security is embedded in the software development process • Drive tailored SDL practice into specific engineering • Consult architect on security requirements and utilize best practices to meet them • Engage in application and domain-specific threat modeling and attack surface analysis/reduction • Working with all scrum teams for security-focused design • Identifying and ensuring resolution of possible technical implications of each release • Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development • Help prepare reports at appropriate levels of confidentiality for stakeholders to view • Responding to customer-facing departments about Predix security posture • Responding promptly and in detail to customer-sponsored penetration tests • Promotes standards through workshops, knowledge shares, and code walk-throughs • Promotes best practices and design patterns • Provides guidance on automated testing tools and techniques • Securely on-board external developer applications and third party services as part of the overall Predix ecosystem
Qualifications/Requirements: • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience • A minimum of 4 years of experience in security development life cycle • At least 4 years of experience involvement with development team(s) that delivered software based services • Fluent in both Russian and English languages
Technical Expertise: • Object Oriented Design and principles • Ability to write high quality code • Knowledge of CI/CD and automation tools (Chef, Git, Jenkins) • Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML) • Experienced in developing web services (SOAP/REST) • Experience securing applications within cloud platforms such as AWS, Azure and alike. • Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
Desired Characteristics: • 2+ of project management experience in developing RESTful micro-service based applications; PMP certified (preferred) • 3+ years of hands-on experience with Agile (Scrum or XP) and test & behavior driven development, continuous integration and version control (GitHub); Certified Agile scrum master preferred • Understanding of requirements management and user story development (Rally or similar tool) • Working knowledge of security services including PKI, TLS, authentication services, fine grained access control, and network security services • Knowledge of application risk identification and evaluation techniques • Evaluate different products in security space and recommend and implement most optimal solutions • Hands-on experience with analyzing threat reports, vulnerability reports and drive towards implementing them • Experience with secure architectures, identity and access management principles, application security, encryption technologies, DNS, SOA, database and web applications
Successful candidates will be employed under local employment conditions and must already satisfy local employment/work permit and residency regulations.
We are in the process of transitioning to an improved job application system and in the interim we are operating with two systems. Have your Job ID ready (from the email you received when you applied) to log in and check your application status.
Click the appropriate button. If you don't know your job ID, you can still check your status: use both buttons.