Staff Product Security Engineer

Job Description

SummaryAs a Staff Product Security Engineer within PCS Service Technology Team, you will be the cybersecurity focal point for secure product development and maintenance of released products.We are looking for a person with strong technical acumen in Cyber security, preferably a person who has knowledge/expertise in device security, traditional hospital on-premises architectures, and Cloud. You will provide leadership on Cyber security by working with the product teams and the Global teams and help define the cybersecurity strategy for PCS Service Technology solutions/products.GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.Roles and Responsibilities:

1. Provide privacy and security technical expertise in support of the product team throughout product development, design change, and life-cycle management.
2. Work with the Product Security Leader (PSL) to support the product team with process expertise for the GE HealthCare-GEHC Product Cybersecurity Standard and life-cycle management.
3. Product cybersecurity development responsibilities:
   • Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.
   • Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.
   • Assess product components and SBoM integrated into the product.
   • Perform defect management for cybersecurity issues.
   • Identify operational responsibilities and adherence to cloud standards for cloud-based products.
   • Responsible for Product and Security Manual and MDS2 documentation.
4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:
   • Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.
   • Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management, and reduction.
   • Coordinate with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.
   • Lead product Security Technical Design Reviews.
   • Along with the product Lead System Designer (LSD), responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and processes.
5. Stay current on healthcare privacy trends and regulatory environment (i.e. FDA, HIPAA, GDPR, etc.) to effectively communicate privacy awareness with the product team.
6. Work with the GEHC Product Security team and QARA on released product life-cycle, including:
   • Participate in post-market product vulnerability monitoring.
   • Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.
   • Responsible for product vulnerability mitigation and design change.
   • Responsible for GEHC vulnerability tool update to ensure accurate customer communication.
7. Address customer and Sales RFP privacy and security feedback/questions.
8. Provide technical expertise on customer concerns, complaints, and CSO escalations.
9. Create/Maintain responsible product records within GEHC product cybersecurity tools.
10. Active involvement in DoD RMF submission process and maintenance.

Required Qualifications:

• Bachelors degree in engineering.
• 8 years of development and security experience which includes application security, mobile security, network security, OS security, and Cloud Security.
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing, and deployment.
• Experience in designing security solutions.
• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response.
• Experience and knowledge of penetration testing methodologies and tools.
• Conducting information security analyses, audits, and reviews.
• Willingness to learn new technologies and work on security for varied products.
• Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders.
• Sound security engineering knowledge (technical) to work collaboratively with the Tech Leads and software/products architects to ensure secure products.
• Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances).
• Sound understanding of Cryptography, various Encryption Algorithms, Public Key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA.

Desired Characteristics:

• Good understanding of AWS services.
• Experience in Rest API, Kubernetes, and container security assessments.
• AWS Solution Architect Associate certification.
• Experience of Information security assessment in the healthcare sector.
• Exposure to privacy requirements.
• Understanding of security by design principles and architecture-level security concepts.
• Up-to-date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities.
• Ability to relate cyber security incidents from cross-industries.
• Good to have security certifications like OSCP/CCSP/CISSP.

#LI-Hybrid#LI-MP2#EveryRoleIsVitalAdditional InformationRelocation Assistance Provided: YesLocations: Bengaluru, Karnataka, India, 560066

Keyskills :
cybersecurity expertise secure product development security architecture design vulnerability management compliance standards knowledgecloud security cryptography application security cissp mobile security penetration testing cyber security