We are looking for an Sr Product Security Analyst, with a focus on Penetration testing and Python coding. In this role you will work in a team to identify, risk rate, communicate and track product vulnerabilities and be a part of the Cyber Security Lab team. Roles and Responsibilities In this role, you will: Be able to scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment. Engage in application and domain-specific threat modeling and attack surface analysis/reduction Engage in incident response methods lead incident response processes related to product cybersecurity Create and track meaningful metrics around product cyber risk and compensating controls Perform Security Code Reviews, Vulnerability Analysis and research on application code Create vulnerability and incident trend analysis to improve product design Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components Engage and administer End Of Life processes for digital products Promote best practices based on OWASP, SANS Top 25. Write fuzz scenarios to see the break network protocol suites such as TCP/IP, IPv6, UDP, TLS, DTLS Ability to automate attack scenarios to avoid repetitive work. Consult, architect on security requirements and utilize best practices to meet them. Help prepare reports at appropriate levels of confidentiality for stakeholders to view Respond promptly and in detail to customer-sponsored penetration tests Provide guidance on automated testing tools and techniques Required Skills Professional expertise with Kali Linux, Metasploit, Meterpreter. Hands-on experience in Windows/Linux and network security. Execute Scans using tools such as Nessus, Burp, Fortify/Coverity, Splunk etc. Education Qualification Bachelor's Degree in Computer Science or STEM Majors (Science, Technology, Engineering and Math) with a minimum of 5+ years of experience in systems security, product / OT security and application security Technical Expertise Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance Experience with secure coding principles; code signing; secure boot Experience with penetration testing and ethical hacking Knowledge of CI/CD and automation tools (Chef, Git, Jenkins) Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML) Experienced in developing web services (SOAP/REST) Must be available for on call for potential security response Knowledge of application risk identification and evaluation techniques Knowledge of Cyber Security and full knowledge of multiple related engineering functions Experience securing applications within cloud platforms such as AWS, Azure and alike. Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
GE Healthcare
Every day millions of people feel the impact of our intelligent devices, advanced analytics and artificial intelligence. As a leading global medical technology and digital solutions innovator, GE HealthCare enables clinicians to make faster, more informed decisions through intelligent devices, data analytics, applications and services, supported by its Edison intelligence platform. With over 100 years of healthcare industry experience and around 50,000 employees globally, the company operates at the center of an ecosystem working toward precision health, digitizing healthcare, helping drive productivity and improve outcomes for patients, providers, health systems and researchers around the world. We embrace a culture of respect, transparency, integrity and diversity and we work to create a world where healthcare has no limits.