General Electric Staff Cyber Security Architect in Bengaluru, India
Job Description Summary
GE Healthcare Performance Intelligence Analytics is looking for a Privacy and Security Representative who leads definition and implementation of security and privacy standards across PIA (Privacy Impact Assessment) products while also working closely with a larger architecture group to drive product security roadmap and industry best practices. This is a highly influential technical leadership role cutting across product lines to create and drive the security strategy of our business. As a key member of technical staff, you will interact with all functions to drive a new vision of security and privacy solutions.
GE Healthcare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.
Roles and Responsibilities
GE Healthcare have devised a Design Engineering Privacy and Security Procedure to ensure compliance to the special cybersecurity needs of the Healthcare industry across the continuum of the Secure Development Life Cycle.
In close collaboration with the Product and Program Management Office and Cybersecurity Architect, you will be responsible to:
Serve as the Product Security Representative (PSR) for the various PIA products
Demonstrate good working knowledge in the following cybersecurity domains like identity and access management, audit, data encryption in transit or at rest, etc.
Collaborate with various product development teams to develop threat models
Develop mitigations/resolutions to vulnerabilities assessed, in conjunction with the development teams
Collaborate with various modality product development teams to identify vulnerabilities and needed mitigations and ensure these requirements are added to the roadmaps of the PIA products
Demonstrate good understanding of security principles and drive secure development practices within the development teams
Produce evaluation reports of the cybersecurity assessment and assess adequacy of mandated remediation
Fulfill governing processes designed to ensure traceability of cybersecurity compliance and vitality of our products
Collaborate with development teams to provide end-users/customers with security information specific to their product
Collaborate with program and development teams and GEHC central security organization to ensure design inputs for product security and privacy controls are thought through and implemented.
Analyze design and develop a roadmap and implementation plan based upon a current vs. future state in a cohesive architecture viewpoint.
Drive submission/certification to internal/external certification bodies (E.g. FDA, US DoD) as appropriate for medical devices. Create needed artifacts to support compliance for product security compliance (DEPS) assessments, FDA 510k submissions, US DoD RMF submissions etc.
Supporting Privacy/Security incident response activities pertinent to design engineering, through investigations, corrections, corrective actions, and preventive actions.
Drive or Participate in all Privacy & Security related Technical Design Reviews as needed for design engineering activities.
Collaborate with peers in other GEHC modalities and GEHC central security organization to share best practices and drive re-use.
The ideal applicant will have at least 15 years of experience in the IT industry, including performing vulnerability assessment, penetration testing, security audits, undertaking incident handling processes, etc.
B.Tech./M.Tech./Equivalent in Cybersecurity or related Computer Science backgrounds
Proven expertise across a range of operating systems and environments, such as MS Windows, Linux, Embedded OS
Hands on experience with standard security tools and products like Microsoft Thread Modeling Tool, Nessus, Black Duck, Nmap, Metasploit, Kali Linux, Wireshark, etc.
Hands on experience with OWASP Top 10, threat modeling, secure communication, cryptographic algorithms, certificates, PKI, key management
Hands on experience across the Secure Development Lifecycle and testing.
Proven professional expertise in a similar-role
Industry-recognized certification such as SSCP, CEH etc.
Experience in cloud stacks like AWS, and also native and container orchestration stacks like Kubernetes, DockerSwarm, OpenShift etc.
Excellent conceptual, problem-solving and oral/written communication skills
High passion and energy and the ability to influence and energize others
Demonstrated ability to work on projects concurrently and work with teams globally
Demonstrated ability to deliver high quality results in a timely fashion while working on multiple projects concurrently
Inclusion and Diversity
GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.
Relocation Assistance Provided: Yes