Principal Product Cyber Security Leader

Full Time
Remote
Job description

Job Description Summary

The Principal Product Security Leader helps to design and implement the next generation of secure healthcare devices and solutions. This includes providing development teams and product owners with technical insight and industry perspective in the creation, delivery, and integration of complex and comprehensive security solutions. The Principal Product Security Leader works across key GEHC design engineering teams to implement secure design and build practices and create innovative technical solutions to security challenges. You will be a security evangelist providing thought leadership to the organization and helping to guide developers in secure coding practices. You will also assist in technical security assessments across all of GEHC. There is moderate autonomy within the role. High levels of operational judgment are required to achieve the outcomes required.

At GE Healthcare, our machines, our software, our solutions, our services, and our people make a genuine difference to medical professionals and patients all over the world. That’s because we never lose sight of what healthcare really needs—the human touch.

Job Description

Roles and Responsibilities

  • Oversee security for GEHC platforms, cross-modality efforts, connectivity products, and digital programs
  • Act as a security technical lead for development programs
  • Function as the main technical point of contact for product teams as it relates to cybersecurity and privacy, while also growing the security expertise of product teams
  • Build awareness of the importance of security in product management and technical teams
  • Conduct complete lifecycle security architecture and technical assessments for a wide range of products, including embedded devices, enterprise software solutions, and mobile apps
  • Engage in application and domain-specific threat modeling and attack surface analysis and reduction
  • Lead cross-functional projects and teams in establishing security development lifecycle practices within healthcare products
  • Assess and prioritize risk for legacy devices and communicate residual risk to business leaders
  • Prepare reports at appropriate levels of confidentiality for stakeholders to view
  • Support Privacy and Security incident response activities pertinent to design engineering and secure development through investigations, corrective actions, and preventive actions
  • Work directly with customers to understand their Privacy and Security concerns and requirements
  • Produce product assessment results suitable for customers
  • Respond promptly and in detail to customer queries and customer-sponsored penetration tests
  • Provide guidance on automated testing tools and techniques
  • Perform technical security assessments across the GE Healthcare product portfolio
  • Lead functional teams or projects with minimal resource requirements, risk, and/or complexity. Communicate difficult concepts and influence others' opinions on particular topics. Guide others to consider a different point of view.

Required Qualifications

  • Bachelor's Degree in a relevant field (e.g. Computer Engineering, Computer Science, Information Security) or in a STEM major (Science, Technology, Engineering, or Math)
  • 7 years full-time information security experience with emphasis on technical assessment (system/web application vulnerability assessment, penetration testing, white-box code analysis, etc.) and security architecture (design of security controls, secure system design, understanding of identity and authentication management, etc.)
  • Must be willing to work out of a GE Healthcare office location or a remote home office

Desired Characteristics

  • 5+ years of experience with information security in product development
  • Certification in cybersecurity (CISSP preferred)
  • Healthcare domain and medical device experience
  • Experience with embedded devices, enterprise solutions, and mobile app development
  • Experience with many operating systems: Enterprise Linux, Embedded Linux, Android, iOS, Windows, Windows Server, Windows Embedded, real-time OS
  • Experience with security configuration and communication of embedded devices
  • Experience securing wireless communications: WiFi, WMTS, MBAN, Bluetooth
  • Experience in a broad range of information security domains – security architecture, key and certificate management, security operations, fuzzing, penetration testing, SAAS/PAAS/IAAS/Cloud Security, Service-Oriented Architecture, Systems Management
  • Experience with Security Development Lifecycle processes such as Threat Modeling
  • Experience with a range of security tools: Nessus, Kali, Microsoft Threat Modeling Tool, etc.
  • Experience with NIST 800-53 and/or ISO/IEC 27000 series of security standards
  • Experience with OWASP, CVSS, FIPS 140-2 and 140-3, and DoD RMF
  • Project and program management experience
  • Organization and communication of complex information
  • An understanding of information security risk management – exposure to risk concepts and models like FAIR, OCTAVE, etc.

While GE Healthcare does not currently require U.S. employees to be vaccinated against COVID-19, some GE Healthcare customers have vaccination mandates that may apply to certain GE Healthcare employees.

The salary range for this position is $152,000.00 - $228,000.00. The specific salary rate offered to a candidate may be influenced by a variety of factors including the candidate’s experience, their education, and the work location. In addition, this position is eligible for a performance bonus. Available benefits include health, welfare, retirement and paid leave.

We expect all employees to live and breathe our behaviors: to act with humility and build trust; lead with transparency; deliver with focus, and drive ownership – always with unyielding integrity.

Our total rewards are designed to unlock your ambition by giving you the boost and flexibility you need to turn your ideas into world-changing realities. Our salary and benefits are everything you’d expect from an organization with global strength and scale, and you’ll be surrounded by career opportunities in a culture that fosters care, collaboration and support.


Additional Information

GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditioned upon the successful completion of a drug screen (as applicable).

Relocation Assistance Provided: No
