Staff Product Security Representative
Bengaluru HEALTHCARE (JFWTC) IN
GE HealthCare
GE HealthCare provides digital infrastructure, data analytics and decision support tools that help in the diagnosis, treatment and monitoring of patients.
GE HealthCare is a leading global medical technology and digital solutions innovator. Our purpose is to create a world where healthcare has no limits. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.
Job Description
Summary
The Product Security Engineer is a product team’s cybersecurity focal point for secure product development and maintenance of released product. The Product Security Engineer is an experienced member of the product engineering team with influence to drive product privacy and cybersecurity features and enhancements. The Product Security Engineer must have deep product knowledge to ensure the clinical functionality, expected operating environment, and interoperability to accurately determine a product’s privacy and security risks.
Essential Responsibilities:
GE Healthcare has devised a Design Engineering Privacy and Security Procedure to ensure compliance with the special cybersecurity needs of the Healthcare industry across the continuum of the Secure Development Life Cycle.
Roles and Responsibilities:
1. Provide privacy and security technical expertise in support of the product team throughout product development, design change, and life-cycle management.
2. Work with the Product Security Leader (PSL) to support the product team with process expertise for the GE HealthCare-GEHC Product Cybersecurity Standard and life-cycle management.
3. Product cybersecurity development responsibilities:
   - Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval.
   - Responsible for security architecture and coordination of product development for cybersecurity features and enhancements.
   - Assess product components and SBoM integrated into the product.
   - Perform defect management for cybersecurity issues.
   - Identify operational responsibilities and adherence to cloud standards for cloud-based products.
   - Responsible for Product and Security Manual and MDS2 documentation.
4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which include:
   - Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs.
   - Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction.
   - Coordinate with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments.
   - Lead product Security Technical Design Reviews.
   - Along with the product LSD, responsible for compliance with the GEHC Product Cybersecurity Standard and other pertinent standards and processes.
5. Stay current on healthcare privacy trends and the regulatory environment (e.g. FDA, HIPAA, GDPR) to effectively communicate privacy awareness to the product team.
6. Work with the GEHC Product Security team and QARA on released product life-cycle, including:
   - Participate in post-market product vulnerability monitoring.
   - Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.
   - Responsible for product vulnerability mitigation and design change.
   - Responsible for GEHC vulnerability tool updates to ensure accurate customer communication.
7. Address customer and Sales RFP privacy and security feedback/questions.
8. Provide technical expertise on customer concerns, complaints, and CSO escalations.
9. Create/Maintain responsible product records within GEHC product cybersecurity tools.
10. Active involvement in DoD RMF submission process and maintenance.
Educational Qualifications:
Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
3+ years of progressive experience as a development/cybersecurity engineer or scientist/researcher working with a cybersecurity skill set.
Desired Characteristics:
- Sound technical and domain experience in at least two cybersecurity functional technology areas.
- Technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.).
Inclusion and Diversity
GE Healthcare is an Equal Opportunity Employer where inclusion matters. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.
Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.
Additional Information
Relocation Assistance Provided: No