
Principal Product Security Leader

GE HealthCare is a global medical technology and digital solutions innovator focused on improving patient care through precision healthcare.

GE HealthCare

Employee count: 1001-5000

Salary: 164k-246k USD

United States only


Job Description Summary

The Principal Product Security Leader helps to design and implement the next generation of secure healthcare devices and solutions. This includes providing product teams and owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

You will work with GE HealthCare product teams to implement secure design and build practices and create innovative technical solutions to privacy and security challenges. You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices. You will also assist in technical security assessments across all of GEHC. There is moderate autonomy within the role. High levels of operational judgment are required to achieve the outcomes required.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Job Description

Roles and Responsibilities

  • Oversee security for GE HealthCare products, platforms, components, and cross-modality efforts.

  • Act as a security technical lead for development programs

  • Function as the main technical point of contact for product teams as it relates to privacy and security, while also growing the security expertise of product teams

  • Build awareness of the importance of security in product management and technical teams

  • Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, and enterprise software solutions

  • Engage in application and domain-specific threat modeling and attack surface analysis and reduction

  • Lead cross-functional projects and teams in establishing security development lifecycle practices within GE HealthCare products

  • Assess and prioritize risk for legacy devices and communicate residual risk to business leaders

  • Prepare reports at appropriate levels of confidentiality for stakeholders to view

  • Support privacy and security incident response activities such as investigations, corrective actions, and preventive actions

  • Work to understand customers' privacy and security concerns and requirements

  • Respond promptly and in detail to customer queries and customer-sponsored penetration tests

  • Provide guidance on automated testing tools and techniques

  • Perform technical security assessments across the GE HealthCare product portfolio

  • Lead functional teams or projects with minimal resource requirements, risk, and/or complexity. Communicate difficult concepts and influence others' options on particular topics. Guide others to consider a different point of view.

Qualifications

  • Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)

  • 7+ years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)

Desired Characteristics

  • 5+ years of experience with cybersecurity in product development

  • Certification in cybersecurity (CISSP preferred)

  • Healthcare domain and medical device experience

  • Experience with embedded devices, enterprise solutions, and mobile app development

  • Experience with many operating systems: Enterprise Linux, Embedded Linux, Windows, Windows Server, Windows Embedded, Real-time OS

  • Experience with security configuration and communication of embedded devices

  • Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth

  • Experience in a broad range of information security domains – security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management

  • Experience with Security Development Lifecycle processes such as Threat Modeling

  • Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, etc.

  • Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards

  • Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF

  • Project and program management experience

  • Organization and communication of complex information

  • An understanding of information security risk management

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus; and drive ownership, always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration, and support.

For U.S.-based positions only, the pay range for this position is $164,000.00-$246,000.00 Annual. It is not typical for an individual to be hired at or near the top of the pay range, and compensation decisions are dependent on the facts and circumstances of each case. The specific compensation offered to a candidate may be influenced by a variety of factors including skills, qualifications, experience and location. In addition, this position may also be eligible to earn performance-based incentive compensation, which may include cash bonus(es) and/or long-term incentives (LTI). GE HealthCare offers a competitive benefits package, including but not limited to medical, dental, vision, paid time off, a 401(k) plan with employee and company contribution opportunities, life, disability, and accident insurance, and tuition reimbursement.

Additional Information

GE HealthCare offers a great work environment, professional development, challenging careers, and competitive compensation. GE HealthCare is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE HealthCare will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.

Relocation Assistance Provided: No

Application Deadline: May 31, 2026

About the job

Job type: Full Time

Salary: 164k-246k USD

Education: Bachelor degree

Experience: 7 years minimum

Hiring timezones: United States +/- 0 hours

About GE HealthCare


GE HealthCare is a leading global medical technology and digital solutions innovator. We provide a broad portfolio of products, solutions, and services used in the diagnosis, treatment, and monitoring of patients. With a history of over 100 years in healthcare, our cutting-edge technologies enable nurses and clinical staff to deliver better and more effective patient care. At GE HealthCare, our mission is to create a world where healthcare has no limits.

We are dedicated to infusing innovation into the healthcare sector, leveraging advanced analytics and artificial intelligence across our products and services. Our commitment to precision care allows clinicians to make more informed and quicker decisions for their patients. In 2021, we invested roughly $1 billion in R&D and product development, ensuring that our offerings continue to evolve and meet the diverse needs of our global market. Operating on a significant scale, we serve more than one billion patients per year and have installed equipment in over five million locations worldwide. Our cross-functional teams work tirelessly to address pressing healthcare challenges, making it easier to share insights and improve patient outcomes continuously.
