General Electric Sr Staff Product Security Leader in San Ramon, Michigan

About Us:

GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

Role Summary:

The Sr. Staff Product Security Leader will collaborate with development teams around the world to drive threat modeling exercises, lead security-focused architecture and code reviews, oversee security tests, and validate security designs across numerous Aviation products, which include embedded and web-based products and services. You will be a developer security evangelist and will provide thought leadership & help guide developers in secure coding practices.

Essential Responsibilities:

In this role, you will:

  • Coach product development teams on secure design principles, development practices, and application hardening.

  • Perform Threat Modeling and Architecture Risk Analysis on software products.

  • Perform Security Code Reviews, Vulnerability Analysis and research on application code.

  • Coach and mentor developers to write and implement cryptography (PKI, Code Signing, etc.).

  • Guide developers to write secure code and implement secure engineering practices.

  • Provide response for security related incidents reported for software products.

  • Engage subject matter experts in successful transfer of complex domain knowledge.

  • Provide guidance and advice on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.

  • Audit and exploit applications and systems under development to expose vulnerabilities, and demonstrate possible fixes. Analyze and validate completed security improvements and CVE patches.

Qualifications/Requirements:

Basic Qualification

  • Bachelor’s degree in computer engineering or in a STEM major (SCIENCE, TECHNOLOGY, ENGINEERING, OR MATH).

  • Minimum of 7 years of professional experience with web-based and/or embedded systems and applications.

Eligibility Requirements

  • Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.

Desired Characteristics:

  • Highly skilled security engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.

  • Proficiency in at least one programming language (Java, Node.JS, Python, or C/C++)

  • Experience conducting static code reviews and applying security auditing and/or penetration testing principles and tools.

  • Working knowledge of OWASP Web/API vulnerabilities (CSRF, XSS, SQLI, etc.) and compensating controls.

  • Experience securing applications within cloud platforms such as AWS, Azure, CloudFoundry, etc.

  • Knowledge of secure architecture and design principles

  • Knowledge of Risk Controls frameworks and procedures (NIST 800-53, DFARS, etc.).

  • Knowledge of API security architecture and common authentication technologies (OAuth2, Spring Security, HMAC, WS-Security, WS-Trust, or XACML) preferred.

  • Solid understanding of computer architecture, especially the hardware components, software stack and protocols.

  • Experience in security technologies like TXT, TPM, TrustZone etc. This could overlap with experience in embedded systems.

  • Solid understanding of applied cryptography fundamentals (Encryption, Authentication, Symmetric Cryptography, Asymmetric Cryptography, etc.).

Locations: United States; Michigan; Grand Rapids, Evendale

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www1.eeoc.gov/employers/upload/eeocselfprint_poster.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditional upon the successful completion of a background investigation and drug screen.