Business Segment: Digital Predix Products & Technology
Location(s): United States; California; San Ramon
About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry. GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Role Summary: We are looking for a smart, security-minded, enthusiastic and friendly cyber security engineer with consulting skills who can work collaboratively with development teams to complete design and SDL work for customer-facing GE Digital products. The particular focus of this role will be APM and Predix product features. The match for this role is a software security expert who provides thought leadership in building industrial class security solutions.
Essential Responsibilities: You are a skilled Analyst who enjoys security work and is an expert in systems security, product / OT security and application security. In this role, you will be working with product managers, independent researchers, and in-house researchers to identify, rate, report and manage product vulnerabilities and incidents.
In this role, you will:
Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
Shape and directly contribute to the development of static code analysis security checkers integrated with SonarQube. Java programming experience required.
Translate security requirements / vision into a prioritized list of user stories, completing work according to required timelines and quality standards
Assist security champions in completing Threat Modeling and Architecture Risk Analysis on product features
Perform Security Code Reviews, Vulnerability Analysis and research on application code
Coach and mentor developers to implement cryptography solutions securely (PKI, Code Signing, Stored Secrets, et cetera)
Engage subject matter experts in successful transfer of complex domain knowledge
Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security
Provide guidance and advice on writing secure code that meets standards and delivers desired functionality, using the technology selected for the project
Understand application security methodologies and frameworks
Leverage GE Digital’s tailored Secure SDL practice into specific engineering engagements
Research new application security technologies and implement them to improve application security.
Maintain a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
Promote best practices based on OWASP, SANS Top 25, and the GE Digital SDL.
BS degree or higher in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math)
A minimum of 2 years of relevant experience
Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.
Must be willing to travel (10%)
Must be willing to work out of an office located in San Ramon, CA
Detailed working knowledge of two modern programming languages, including Java.
Strong written and oral communication skills and successful security consulting background.
At least 2 years of security consulting involvement with development team(s) that delivered software-based services
Experience in developing secure applications
High energy and a results-oriented attitude/approach, with an understanding of release timelines and the need to enable development teams, not slow them down
Experience with Security Development Lifecycle processes such as Threat Modeling desired
Contribute to and lead discussions and communications within the team and outside, including customers and other business units
Strong knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles
Hands-on experience with developing cloud-deployed applications that utilize OAuth 2
Hands-on experience with developing RESTful web services
Mobile Architecture experience, designing, developing, and integrating solutions.
Experience with penetration testing tools, ability to replicate security defects uncovered by groups such as GE’s red team
Good understanding of security tools and technologies to facilitate secure development