About Us: GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry. GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
Role Summary: Sr. Staff Product Security Leader will work with teams comprised of Software Engineers, Quality Engineers, User Interaction Design Engineers, Infrastructure/Platform team, and the Product Owners to identify inherent cyber security risks and to develop and track controls to reduce risk within GE’s products. This role will blend strong technical expertise and program management skills.
Essential Responsibilities: Highly skilled security Engineer who enjoys security work and collaborating with product managers and developers to drive the successful adoption of innovative methods in developing secure applications.
In this role, you will:
Drive tailored SDL practice into specific engineering
Create and track meaningful metrics around product cyber risk and compensating controls
Consult, architect on security requirements and utilize best practices to meet them
Engage in application and domain-specific threat modeling and attack surface analysis/reduction
Working with all scrum teams for security-focused design
Identifying and ensuring resolution of possible technical implications of each release
Maintaining a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
Help prepare reports at appropriate levels of confidentiality for stakeholders to view
Responding promptly and in detail to customer-sponsored penetration tests
Promotes standards through workshops, knowledge shares, and code walk-throughs
Promotes best practices and design patterns
Provides guidance on automated testing tools and techniques
Bachelor's Degree in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math) and/or a minimum of 4 years of equivalent experience
A minimum of 4 years of experience in security development life cycle
At least 4 years of experience involvement with development team(s) that delivered software based services
Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job
Must be willing to work out of an office located in Houston, Tx
Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
Very good knowledge and experience of Secure System Development Lifecycle phases
Program and Project Management experience; expertise with Agile development teams
Knowledge of Industrial automation control systems domain
Knowledge of application risk identification and evaluation techniques
Knowledge of Cyber Security and related engineering functions
Experience securing applications within cloud platforms such as AWS, Azure and alike.
Experience with broad set of information security technologies and processes within a SaaS, IaaS, PaaS, or cloud environment
Locations: United States; Texas; Houston
Connect With Us
Stay up to date on BHGE and possible opportunities that open in areas that interest you.