The Staff Software Architect - Product Security at GE HealthCare focuses on vulnerability management and incident response within the General Imaging Ultrasound team. This role involves technical ownership of product security features and collaboration with cross-functional teams to enhance cybersecurity practices.
Job Description Summary

The Staff Software Architect - Product Security position is a key role within General Imaging (GI) Ultrasound with a focus on vulnerability management and incident response capability. In this role you will work in a team to identify risks and communicate and track product vulnerabilities.

GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Job Description

Responsibilities

Duties include (but are not limited to):
• Technical ownership of product security feature deliverables, with the ability to gather and analyze data, develop architectural requirements and lead implementation efforts
• Work closely with cross-functional teams in requirements gathering and software design

Roles and Responsibilities

• Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment
• Engage in incident response methods, lead incident response processes related to product cyber
• Create and track meaningful metrics around product cyber risk and compensating controls
• Create vulnerability and incident trend analysis to improve product design
• Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components
• Engage and administer End of Life processes for digital products
• Consult architects on security requirements and utilize best practices to meet requirements
• Engage in application and domain-specific threat modeling and attack surface analysis/reduction
• Respond promptly and in detail to customer-sponsored penetration tests
• Provide guidance on automated testing tools and techniques
• Discover and mitigate vulnerabilities in sensitive Critical Infrastructure/Key Resource Domains (CI/KR)
• Develop and design innovative cyber security solutions for unique and complex technologies
• Work in partnership with government agencies, leading industry experts, and academia
• Leverage traditional and non-traditional research methodologies to advance GE HealthCare's overall Cybersecurity practice
• Assess and investigate specific threats in terms of severity and impact
• Create detailed reports on vulnerabilities, bugs, and design flaws
• Create IPS/IDS rules or other mitigations to protect vulnerable systems
• Interact with global teams to promote consistency and maximize synergies across common software platforms
• Able to join the team and gain mastery of the Ultrasound domain and contribute towards the development of Software Infrastructure
• Drive world-class quality in the development and support of products
• Apply principles of SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security, Scalability, Documentation Practices, refactoring and Testing Techniques
• Understand performance parameters and assess application performance
• Proactively share information across the team, to the right audience with the appropriate level of detail and timeliness
• Design, develop, implement, test and deploy subsystem/security solutions and apply in-depth knowledge of product related technologies, technology platforms, architectures, engineering design principles and advancements
• In collaboration with principal engineers/architects and execution leaders, assist in the analysis, design and development of the product roadmap
• Manage design evolution across multi-generation product releases
• Perform design and code reviews, and provide feedback on product security

Required Qualifications

• Bachelor's degree in computer science or "STEM" Majors (Science, Technology, Engineering and Math) with minimum of 6 years of professional experience including Cyber Security
• Certification in the Privacy, Security & Regulatory domain or related certification
• Experience in object-oriented design methodology and various programming languages such as C/C++. Hands-on experience in C++ on Windows a plus.
• Working knowledge in configuration management tools such as Perforce, Git, ClearCase, etc.
• Experience working with Windows API and application programming
• Experience in software platform, advanced applications, user-interface design and/or systems engineering especially in the healthcare domain, preferably Ultrasound
• Good skills in knowing how to debug software issues
• Experience with multicore and multi-threaded software design and computing environment
• Experience driving technical design reviews
• Strong interpersonal skills, including creativity and curiosity with ability to effectively communicate, and influence across all organizational levels
• Proven analytical and problem resolution skills
• Demonstrated ability to work with and/or lead blended teams, including global teams
• Experience setting up and maintaining automation in CI/CD workflow pipelines a plus

Desired Characteristics

Technical Expertise:
• Familiarity with identifying, analyzing, and ethically exploiting the various classes of vulnerabilities that affect executable code
• Strong knowledge of TCP/IP networking. Ability to use Wireshark to capture and analyze network traffic
• Hands-on experience working with Windows and Linux based systems
• Programming skills in one or more languages (we develop using Python, C, C++, CUDA, and others)
• Ability to understand machine language, operating systems, common APIs, libraries, and runtime environments and how they interact with hardware, firmware, and binary code
• Familiarity with digital electronics and microcontrollers. Exposure to SCADA/DCS systems or industrial technologies
• Business Acumen: Able to translate vulnerability information into business risks relevant to our customers
• Attention to detail with initiative to explore alternate technology and approaches to solving problems
• Good understanding of workflow in the healthcare industry
• Knowledge of ultrasound or demonstrated experience with development of medical device software
• Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
• Experience with secure coding principles; code signing and secure boot
• Experience with penetration testing and ethical hacking
• Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
• Knowledge of Identity management and identity federation (SAML, OAuth, SCIM, XACML)
• Knowledge of application risk identification and evaluation techniques, and knowledge of Cyber Security and related engineering functions
• Experience securing applications within cloud platforms such as AWS, Azure, etc.
• Must be willing to work onsite at least 3 days a week in Wauwatosa/Waukesha, Wisconsin
• Self-starter, energizing, results oriented and able to multi-task; tenacious and organized
• Ability to foresee obstacles, identify workarounds, leverage resources, rally teammates
• Ability to influence and build consensus with other scrum teams and leadership
• Demonstrates adaptability and openness to change, effectively navigating ambiguity and responding to evolving information, circumstances, and priorities
• Exhibits clear and strategic thinking, translating complex strategies into actionable steps. Makes timely, informed decisions and communicates priorities with clarity and precision

We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Additional Information

GE HealthCare offers a great work environment, professional development, challenging careers, and competitive compensation. GE HealthCare is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE HealthCare will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.

Relocation Assistance Provided: No