General Electric Sr Staff Product Security Leader in San Francisco, California

Role Summary:

We are looking for a Sr. Staff Product Security Leader to work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to help lead the technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions.

Essential Responsibilities:

You will be a security evangelist providing thought leadership & helping guide developers in secure coding principles and engineers in secure implementation of technology stack in a cloud environment. You are a highly skilled security Engineer who enjoys security work and collaborating with product managers, engineers, and developers to drive the successful adoption of innovative methods in implementing robust cloud controls and developing secure applications.

In this role, you will:

  • Drive tailored SDL practice into specific engineering

  • Consult architect on security requirements and utilize best practices to meet them

  • Engage in application, platform and domain-specific threat modeling and attack surface analysis/reduction

  • Working with all scrum teams for security-focused design

  • Engineer Security solutions for cloud and embedded products, and the planning and implementation of risk mitigating security solutions

  • Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development

  • Implement security control across the technology stack to meet security and compliance requirements for IaaS, Paas, and SaaS

  • Help prepare reports at appropriate levels of confidentiality for stakeholders to view

  • Responding to customer-facing departments about Predix security posture

  • Responding promptly and in detail to customer-sponsored penetration tests

  • Promotes best practices, design patterns, standards through workshops, knowledge sharing, and code walk-throughs

  • Build automation around testing tools and techniques

  • Tailor communication to a variety of audiences and perspectives, and anticipates issues to prevent conflict

  • Securely on-board external developer applications and third party services as part of the overall Predix ecosystem Qualifications/Requirements: Basic Qualifications:

  • Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience

  • A minimum of 8 years of experience in security development life cycle for IaaS, PaaS and SaaS.Eligibility Requirements: (Country Specific)

  • Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.

  • Any offer of employment is conditioned upon the successful completion of a background investigation and drug screen

  • Must be willing to travel

  • Must be willing to work out of an office located in San Ramon CA Desired Characteristics: Technical Expertise:

  • Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)

  • Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)

  • Experienced in developing web services (SOAP/REST) and web applications (Java, Spring Core, Spring MVC, Spring Security)

  • Knowledge of application risk identification and evaluation techniques

  • Experience in securing cloud infrastructure such as AWS, Azure and alike (i.e., inspection, logging, WAF, VM)

  • Experience in deployment of cloud controls for infrastructure, platform, and applications (IaaS/SaaS/PaaS), specifically within AWS, Azure and GCPBusiness Acumen:

  • Excellent written and verbal communication skills

  • Work with Cyber Security Champions and SMEs to understand product requirements & vision and align them with Cyber Security imperativesLeadership:

  • Foster a collaborative and cooperative team environment, encouraging input and participation from all members

  • Work on a global team and knowledgeable about Cloud regulatory compliance and standardsPersonal Attributes:

  • Contribute to and lead discussions and communications within the team and outside, including customers and other business units

  • Strong work ethics and a desire to overachieve using good judgment, negotiation/influence skills, and analytical skills#DTR About Us: GE (NYSE:GE) drives the world forward by tackling its biggest challenges. By combining world-class engineering with software and analytics, GE helps the world work more efficiently, reliably, and safely. GE people are global, diverse and dedicated, operating with the highest integrity and passion to fulfill GE’s mission and deliver for our customers. www.ge.com GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law. Locations: United States; California; San RamonGE will only employ those who are legally authorized to work in the United States for this opening.