General Electric Cyber Security Researcher in Herzliya, Israel
Job Description Summary
The GE Digital Cyber Lab is responsible for researching and securing the company's crown jewels systems, including 3d printers of airplanes, wind turbines, power plants, electrical grids, medical devices, critical infrastructures, industrial clouds, predictive analytics systems, and much more. Join our team and conduct cyber research of a varied tech stack in a work environment that emphasizes continuous self-development.
Position Title Cyber Security Researcher
GE’s Cybersecurity Research Lab develops and applies technical expertise to protect critical GE products from a broad spectrum of evolving cyber-enabled risks and threats. The ideal candidate shall demonstrate a thorough understanding of cyber security attack techniques and mitigation methods in the application and infrastructure levels. The candidate must also demonstrate experience with developing and designing security solutions.
Essential duties include (but are not limited to) the following:
Conducting security researches and penetration testing on a wide array of products and technologies (both low-level and applicative).
Working with other research team members on discovery and exploitation.
Discovering and mitigating vulnerabilities in sensitive critical infrastructures.
Working in partnership with government agencies, leading industry experts, and academic institutes.
Cyber security professional with a minimum of 3 years of cyber security research experience.
Must possess strong verbal and written communication skills in English.
Have a broad understanding of the cyber security domain and common related technologies and tools.
Have excellent understanding and hands-on experience with identifying and exploiting common security vulnerabilities, including OWASP-Top-10.
Be able to assess web applications, with emphasis on RESTful APIs.
Have good understanding of network infrastructure and protocols.
Be able to understand complex code and writing scripts.
Have a bachelor's degree in Computer Sciences or a related field – An advantage.
Participated in the past in CTF events – An advantage.
Has hands-on experience with assessing and exploiting of at least one of the following domains:
Private/public cloud and micro-service architectures (IaaS, PaaS and SaaS)
Mobile infrastructure and applications (iOS/Android)
Linux Kernel, containers, container runtime, and orchestrators
Low-level systems and reverse engineering, with emphasis on exploitation
The SDLC process with emphasis on threat modeling of complex systems
Infrastructure and network communication analysis
Research of proprietary protocols.
Have a pro-active work ethic with a “can-do” attitude
Be reliable and responsible
Passionate about cyber security
Versatile, fast learner, and highly resourceful
Have the ability to work independently and as a part of a team.
The job is open to men and women equally
Relocation Assistance Provided: No