Staff Product Security Engineer - PCS
GE HealthCare
This listing was originally posted on GE HealthCare's careers page. Formulate is an equal opportunity job aggregator and is not involved in the hiring process. Where salary information is estimated, it is derived from BLS industry benchmarks and may differ from actual compensation.
Upgrade to Pro to access the AI-generated 'Read before applying' briefing and other premium pharma intelligence.
Upgrade to Pro — $25/moJob Description
Roles and Responsibilities:
1. Provide privacy and security technical expertise in support of the product team throughout product development, design change, and life- cycle management.
2. Work with the Product Security Leader (PSL) to support the product team with process expertise for the GE HealthCare-GEHC Product Cybersecurity Standard and life-cycle management.
3. Product cybersecurity development responsibilities:
• Assess the privacy and cybersecurity state of the product and define product roadmap features/enhancements with stakeholder approval
• Responsible for security architecture and coordination of product development for cybersecurity features and enhancements
• Own/create Threat models, Security Risk Assessment, Privacy Impact Assessment and other required Product Security / DEPS deliverables for PCS Service Technology products/platforms
• Assess product components and SBoM integrated into the product
• Perform defect management for cybersecurity issues
• Identify operational responsibilities and adherence to cloud standards for cloud- based products
• Responsible for Product and Security Manual and MDS2 documentation
4. In coordination with the PSL, own and deliver GEHC Product Cybersecurity Standard artifacts, which includes:
• Design input activities to identify, evaluate, roadmap, and drive cybersecurity and privacy features and enhancements within product development programs
• Create Design Engineering Privacy and Security (DEPS) artifacts for privacy and security risk assessments to engage in domain-specific product threat modeling, attack surface analysis, risk management and reduction
• Coordinates with the PSL to support the product team in scheduling and performing vulnerability scans and cybersecurity assessments
• Lead product Security Technical Design Reviews
• Along with the product Lead System Designer (LSD), responsible for the GEHC Product Cybersecurity Standard compliance and other pertinent standards and process.
5. Stay current on healthcare privacy trends and regulatory environment (i.e. FDA, HIPAA, GDPR, etc.) to effectively communicate privacy awareness with the product team.
6. Work with the GEHC Product Security team and QARA on released product life-cycle, including:
• Participate in post-market product vulnerability monitoring
• Participate as a Subject Matter Expert to determine product vulnerability impact, investigation, and risk assessment.
• Responsible for product vulnerability mitigation and design change.
• Responsible for GEHC vulnerability tool update to ensure accurate customer communication.
7. Address customer and Sales RFP privacy and security feedback/questions.
8. Provide technical expertise on customer concerns, complaints, and CSO escalations.
9. Create/Maintain responsible product records within GEHC product cybersecurity tools.
10. Active involvement in DoD RMF submission process and maintenance.
Required Qualifications:
• Bachelor’s degree in engineering
• 8+ years of development and security experience which includes application security, mobile security, network security, OS security and Cloud Security.
• Product/Information security experience in all phases of service/product development and deployment including architecture, design, development, testing and deployment.
• Experience in designing security solutions.
• Hands-on experience in execution and review of Static & Dynamic Code Analysis reports and ability to discuss with development teams for true positives.
• Strong knowledge of secure software development lifecycle and practices such as threat modelling, security reviews, penetration tests, and security incident response
• Experience and knowledge of penetration testing methodologies and tools.
• Conducting information security analyses, audits, and reviews
• Willingness to learn new technologies and work on security for varied products.
• Strong interpersonal skills with the ability to facilitate diverse groups, help negotiate priorities, and resolve conflicts among project stakeholders
• Sound security engineering knowledge (technical) so as to work collaboratively with the Tech Leads and software/products architects to ensure secure products.
• Knowledge of information system architecture and security controls (e.g., firewall, specialized appliances)
• Sound understanding of Cryptography, various Encryption Algorithms, Code Signing, Public key Infrastructure (PKI) and Certificate Authority (CA), OAUTH authentication, 2FA
Desired Characteristics:
• Hands on Experience with AWS services; AWS Solution Architect – Associate certification.
• Experience in Rest API, Kubernetes and container security assessments
• Experience of Information security assessment in healthcare sector.
• Exposure to privacy requirements
• Understanding of security by design principles and architecture level security concepts
• Up to date knowledge of current and emerging security threats and techniques for exploiting security vulnerabilities
• Ability to relate cyber security incidents from cross-industries.
• Good to have security certifications like OSCP/CCSP/CISSP
Relocation Assistance Provided: Yes
Explore related positions you might be interested in
We'll notify you when matching roles are posted.
Interviewed at GE HealthCare?
Help others prepare — share your experience anonymously.
Upgrade to Pro to access AI interview prep brief and other premium pharma intelligence.
Upgrade to Pro — $25/mo