This job has closed.

GE HealthCare · 4 months ago

Staff Cyber Security Engineer

Waukesha

Full-time

Onsite

Senior Level, Lead/Staff

4+ years exp

GE HealthCare is a leading global medical technology and digital solutions innovator. This role focuses on vulnerability management and incident response, requiring collaboration with cross-functional teams to identify risks and track product vulnerabilities.

AppsHealth CareHealth DiagnosticsHome ImprovementHome RenovationInternetMedical

Growth Opportunities

No H1B

Responsibilities

Technical ownership of product security feature deliverables, with the ability to gather and analyze data, develop architectural requirements and lead implementation efforts

Work closely with cross-functional teams in requirements gathering and software design Roles and Responsibilities

Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment

Engage in incident response methods, lead incident response processes related to product cyber

Create and track meaningful metrics around product cyber risk and compensating controls

Create vulnerability and incident trend analysis to improve product design

Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components

Engage and administer End of Life processes for digital products

Consult architects on security requirements and utilize best practices to meet requirements

Engage in application and domain-specific threat modeling and attack surface analysis/reduction

Respond promptly and in detail to customer-sponsored penetration tests

Provide guidance on automated testing tools and techniques

Discover and mitigate vulnerabilities in sensitive Critical Infrastructure/ Key Resource Domains (CI/KR)

Develop and design innovative cyber security solutions for unique and complex technologies

Work in partnership with government agencies, leading industry experts, and academia

Leverage traditional and non-traditional research methodologies to advance GE HealthCare's overall Cybersecurity practice

Assess and investigate specific threats in terms of severity and impact

Create detailed reports on vulnerabilities, bugs, and design flaws

Create IPS/IDS rules or other mitigations to protect vulnerable systems

Interact with global teams to promote consistency and maximize synergies across common software platforms

Able to join the team and gain mastery of the Ultrasound domain and contribute towards the development Software Infrastructure

Drive world-class quality in the development and support of products

Apply principles of SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security, Scalability, Documentation Practices, refactoring and Testing Techniques

Understand performance parameters and assess application performance

Proactively share information across the team, to the right audience with the appropriate level of detail and timeliness

Design, develop, implement, test and deploy subsystem/security solutions and apply in-depth knowledge of product related technologies, technology platforms, architectures, engineering design principles and advancements

In collaboration with principal engineers/architects and execution leaders, assist in the analysis, design and development of the product roadmap

Manage design evolution across multi-generation product releases

Perform design and code reviews, and provide feedback on product security

Qualification

Cyber SecurityVulnerability ManagementIncident ResponseC/C++ ProgrammingConfiguration ManagementWindows APICI/CD AutomationPenetration TestingTCP/IP NetworkingAnalytical SkillsInterpersonal SkillsAttention to DetailAdaptability

Required

Bachelor's degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum of 4 years of professional experience including Cyber Security

Certification in the Privacy, Security & Regulatory domain or related certification

Experience in object-oriented design methodology and various programming languages such as C/C++. Hands-on experience in C++ on Windows a plus

Working knowledge in configuration management tools such as Perforce, GIT, ClearCase, etc

Experience working with Windows API and application programming

Experience in software platform, advanced applications, user-interface design and/or systems engineering especially in the healthcare domain –preferably Ultrasound

Good skills in knowing how to debug software issues

Experience with multicore and multi-threaded software design and computing environment

Experience driving technical design reviews

Strong interpersonal skills, including creativity and curiosity with ability to effectively communicate, and influence across all organizational levels

Proven analytical and problem resolution skills

Demonstrated ability to work with and/or lead blended teams, including global teams

Experience setting up and maintaining automation in CI/CD workflow pipelines a plus

Preferred

Familiarity with identifying, analyzing, and ethically exploiting the various classes of vulnerabilities that affect executable code

Strong knowledge of TCP/IP networking. Ability to use Wireshark to capture and analyze network traffic

Hands-on experience working with Windows and Linux based systems

Programming skills in one or more languages (we develop using Python, C, C++, CUDA, and others)

Ability to understand machine language, operating systems, common APIs, libraries, and runtime environments and how they interact with hardware, firmware, and binary code

Familiarity with digital electronics and microcontrollers. Exposure to SCADA/DCS systems or industrial technologies

Business Acumen: Able to translate vulnerability information into business risks relevant to our customers

Attention to detail with initiative to explore alternate technology and approaches to solving problems

Good understanding of workflow in the healthcare industry

Knowledge of ultrasound or demonstrated experience with development of medical device software

Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance

Experience with secure coding principles; code signing and secure boot

Experience with penetration testing and ethical hacking

Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)

Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)

Knowledge of application risk identification and evaluation techniques, and knowledge of Cyber Security and related engineering functions

Experience securing applications within cloud platforms such as AWS, Azure, etc

Must be willing to work onsite at least 3 days a week in Wauwatosa/Waukesha, Wisconsin

Self-starter, energizing, results oriented and able to multi-task; tenacious and organized

Ability to foresee obstacles, identify workarounds, leverage resources, rally teammates

Ability to influence and build consensus with other scrum teams and leadership

Demonstrates adaptability and openness to change, effectively navigating ambiguity and responding to evolving information, circumstances, and priorities

Exhibits clear and strategic thinking, translating complex strategies into actionable steps. Makes timely, informed decisions and communicates priorities with clarity and precision

Benefits

Great work environment

Professional development

Challenging careers

Competitive compensation

Company

GE HealthCare

Glassdoor4.2

GE Healthcare provides a wide range of medical technologies and services to healthcare providers and researchers. It is a sub-organization of General Electric.

Founded in 1892

Chicago, Illinois, USA

10001+ employees