General Electric Sr Cyber Security Engineer - Product Security in San Ramon, California
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
We are looking for a Sr Cyber Security Engineer - Product Security to work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to help lead the technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.
You will be a security evangelist providing thought leadership & helping guide developers in secure coding principles and engineers in secure implementation of technology stack in a cloud environment. You are a highly skilled security Engineer who enjoys security work and collaborating with product managers, engineers, and developers to drive the successful adoption of innovative methods in implementing robust cloud controls and developing secure applications.
In this role, you will:
Drive tailored SDL practice into specific engineering
Consult architect on security requirements and utilize best practices to meet them
Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction
Working with all scrum teams for security-focused design
Engineer Security solutions for cloud and embedded products, and the planning and implementation of risk mitigating security solutions
Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
Implement security control across the technology stack to meet security and compliance requirements for IaaS, Paas, and SaaS
Help prepare reports at appropriate levels of confidentiality for stakeholders to view
Responding to customer-facing departments about Predix security posture
Responding promptly and in detail to customer-sponsored penetration tests
Promotes best practices, design patterns, standards through workshops, knowledge sharing, and code walk-throughs
Build automation around testing tools and techniques
Tailor communication to a variety of audiences and perspectives, and anticipates issues to prevent conflict
Securely on-board external developer applications and third party services as part of the overall Predix ecosystem
Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) OR a minimum of 4 years of equivalent experience
A minimum of 4 years of experience in secure system/software development life cycle for IaaS, PaaS and SaaS.
GE Leadership Program Graduates will get credit towards relevant work experience, commensurate to the program they have completed
Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.
Must be willing to travel (10-15%)
Must be willing to work out of an office located in San Ramon, CA
Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)
Experienced in developing web services (SOAP/REST) and web applications (Java, Spring Core, Spring MVC, Spring Security)
Knowledge of application risk identification and evaluation techniques
Experience in securing cloud infrastructure such as AWS, Azure and alike (i.e., inspection, logging, WAF, VM)
Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCP
Excellent written and verbal communication skills
Work with Cyber Security Champions and SMEs to understand product requirements & vision and align them with Cyber Security imperatives
Foster a collaborative and cooperative team environment, encouraging input and participation from all members
Work on a global team and knowledgeable about Cloud regulatory compliance and standards
Contribute to and lead discussions and communications within the team and outside, including customers and other business units
Strong work ethics and a desire to overachieve using good judgment, negotiation/influence skills, and analytical skills
Locations: United States; California; San Ramon
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www1.eeoc.gov/employers/upload/eeocselfprint_poster.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditional upon the successful completion of a background investigation and drug screen.