General Electric Sr Cyber Security Engineer - Product Security in San Francisco, California

About Us:

GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Role Summary:

We are looking for a Sr Cyber Security Engineer - Product Security to work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to help lead the technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

Essential Responsibilities:

You will be a security evangelist providing thought leadership & helping guide developers in secure coding principles and engineers in secure implementation of technology stack in a cloud environment. You are a highly skilled security Engineer who enjoys security work and collaborating with product managers, engineers, and developers to drive the successful adoption of innovative methods in implementing robust cloud controls and developing secure applications.

In this role, you will:

  • Drive tailored SDL practice into specific engineering

  • Consult architect on security requirements and utilize best practices to meet them

  • Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction

  • Working with all scrum teams for security-focused design

  • Engineer Security solutions for cloud and embedded products, and the planning and implementation of risk mitigating security solutions

  • Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development

  • Implement security control across the technology stack to meet security and compliance requirements for IaaS, Paas, and SaaS

  • Help prepare reports at appropriate levels of confidentiality for stakeholders to view

  • Responding to customer-facing departments about Predix security posture

  • Responding promptly and in detail to customer-sponsored penetration tests

  • Promotes best practices, design patterns, standards through workshops, knowledge sharing, and code walk-throughs

  • Build automation around testing tools and techniques

  • Tailor communication to a variety of audiences and perspectives, and anticipates issues to prevent conflict

  • Securely on-board external developer applications and third party services as part of the overall Predix ecosystem

Qualifications/Requirements:

Basic Qualifications:

  • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) OR a minimum of 4 years of equivalent experience

  • A minimum of 4 years of experience in secure system/software development life cycle for IaaS, PaaS and SaaS.

  • GE Leadership Program Graduates will get credit towards relevant work experience, commensurate to the program they have completed

Eligibility Requirements:

  • Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.

  • Must be willing to travel (10-15%)

  • Must be willing to work out of an office located in San Ramon, CA

Desired Characteristics:

Technical Expertise:

  • Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)

  • Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)

  • Experienced in developing web services (SOAP/REST) and web applications (Java, Spring Core, Spring MVC, Spring Security)

  • Knowledge of application risk identification and evaluation techniques

  • Experience in securing cloud infrastructure such as AWS, Azure and alike (i.e., inspection, logging, WAF, VM)

  • Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCP

Business Acumen:

  • Excellent written and verbal communication skills

  • Work with Cyber Security Champions and SMEs to understand product requirements & vision and align them with Cyber Security imperatives

Leadership:

  • Foster a collaborative and cooperative team environment, encouraging input and participation from all members

  • Work on a global team and knowledgeable about Cloud regulatory compliance and standards

Personal Attributes:

  • Contribute to and lead discussions and communications within the team and outside, including customers and other business units

  • Strong work ethics and a desire to overachieve using good judgment, negotiation/influence skills, and analytical skills

#DTR

Locations: United States; California; San Ramon

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www1.eeoc.gov/employers/upload/eeocselfprint_poster.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditional upon the successful completion‚Äč of a background investigation and drug screen.