Senior Product Security Analyst Ge
Redmond, WA

Job Description

Role Summary:We are looking for a Sr Product Security Analyst, with a focus in vulnerability management and incident response capability. In this role you will work in a team to identify, risk rate, communicate and track product vulnerabilities and be a part of the product incident response team.

Essential Responsibilities:

Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment

Engage in incident response methods lead incident response processes related to product cyber

Create and track meaningful metrics around product cyber risk and compensating controls

Create vulnerability and incident trend analysis to improve product design

Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components

Engage and administer End Of Life processes for digital products

Consult, architect on security requirements and utilize best practices to meet them

Engage in application and domain-specific threat modeling and attack surface analysis/reduction

Help prepare reports at appropriate levels of confidentiality for stakeholders to view

Responding promptly and in detail to customer-sponsored penetration tests

Provides guidance on automated testing tools and techniques

Qualifications/Requirements:

Basic Qualifications:

Bachelor's Degree in Computer Science or STEM majors (Science, Technology, Engineering, and Math) with a minimum of 4 years experience

Eligibility Requirements:

Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job

Desired Characteristics:

Bachelor's Degree from an accredited institution in Information Security

Experience in progressive cuber security development experience - ideally in the power industry

Industry recognized software security certification (CSSLP, CISSP, CySa+, etc.)

Experience with accepted industry cyber security standards (NERC CIP, NIST 800-53, ISO 27001, etc.) implementation and governance

Experience implementing DevSecOps environments

Program and Project Management experience

expertise with Agile development teams

Experience with secure coding principles; code signing; secure boot

Experience with penetration testing and ethical hacking

Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)

Ability to work independently

Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)

Experienced in developing web services (SOAP/REST)

Must be available for on call for potential security response

Knowledge of application risk identification and evaluation techniques

Knowledge of Cyber Security and full knowledge of multiple related engineering functions

Experience securing applications within cloud platforms such as AWS or Azure

Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment

#DTR

About Us:GE (NYSE:GE) drives the world forward by tackling its biggest challenges. By combining world-class engineering with software and analytics, GE helps the world work more efficiently, reliably, and safely. GE people are global, diverse and dedicated, operating with the highest integrity and passion to fulfill GE's mission and deliver for our customers. www.ge.com

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, gender (including pregnancy), sexual orientation, gender identity or expression, age, disability, veteran status or any other characteristics protected by law.

Additional Eligibility Qualifications:GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).Additional Locations:United States;Washington, Wisconsin;Redmond, open to remote in Wisconsin;