Apply on Employer Site

GE HealthCare · 2 weeks ago

Sr. Staff Product Security Engineer

Bellevue, WA

Full-time

Onsite

Senior Level, Lead/Staff

$156K/yr - $235K/yr

8+ years exp

GE HealthCare is focused on digital security, and they are seeking a Sr. Staff Product Security Engineer responsible for hunting, detecting, and responding to digital security threats. The role involves collaborating with product managers and developers to ensure the successful adoption of secure application development practices.

AppsHealth CareHealth DiagnosticsHome ImprovementHome RenovationInternetMedical

Growth Opportunities

No H1B

Responsibilities

Drive tailored SDL practice into specific engineering

Create and track meaningful metrics around product cyber risk and compensating controls

Consult, architect on security requirements and utilize best practices to meet them

Engage in application and domain-specific threat modeling and attack surface analysis/reduction

Working with all scrum teams for security-focused design

Identifying and ensuring resolution of possible technical implications of each release

Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development

Help prepare reports at appropriate levels of confidentiality for stakeholders to view

Responding promptly and in detail to customer-sponsored penetration tests

Promotes standards through workshops, knowledge shares, and code walk-throughs

Promotes best practices and design patterns

Provides guidance on automated testing tools and techniques

Qualification

Cyber security frameworkCI/CDAutomation toolsIdentity managementCloud security AWSCloud security AzureWeb services developmentApplication risk evaluationAgile project managementTechnical leadershipCollaboration skillsCommunication skills

Required

Bachelor's Degree in Computer Science or 'STEM' Majors (Science, Technology, Engineering and Math) with significant experience

For roles in USA: Bachelor's Degree in Computer Science or 'STEM' Majors (Science, Technology, Engineering and Math) with minimum years of experience 8 years

Must be available for on call for potential security response

Preferred

Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance

Program and Project Management experience; expertise with Agile development teams

Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)

Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)

Experienced in developing web services (SOAP/REST)

Knowledge of application risk identification and evaluation techniques

Knowledge of Cyber Security and full knowledge of multiple related engineering functions

Experience securing applications within cloud platforms such as AWS, Azure and alike

Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment

Benefits

Medical

Dental

Vision

Paid time off

A 401(k) plan with employee and company contribution opportunities

Life

Disability, and accident insurance

Tuition reimbursement

Company

GE HealthCare

Glassdoor4.2

GE Healthcare provides a wide range of medical technologies and services to healthcare providers and researchers. It is a sub-organization of General Electric.

Founded in 1892

Chicago, Illinois, USA

10001+ employees