Staff Cyber Security Engineer

Job Description Summary

This is a key role within General Imaging (GI) Ultrasound with a focus on vulnerability management and incident response capability. In this role you will work in a team to identify risks and communicate and track product vulnerabilities.
GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.

Job Description

Responsibilities

Duties include (but are not limited to): 

• Technical ownership of product security feature deliverables, with the ability to gather and analyze data, develop architectural requirements and lead implementation efforts

• Work closely with cross-functional teams in requirements gathering and software design Roles and Responsibilities

• Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment

• Engage in incident response methods, lead incident response processes related to product cyber

• Create and track meaningful metrics around product cyber risk and compensating controls

• Create vulnerability and incident trend analysis to improve product design

• Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components

• Engage and administer End of Life processes for digital products

• Consult architects on security requirements and utilize best practices to meet requirements

• Engage in application and domain-specific threat modeling and attack surface analysis/reduction

• Respond promptly and in detail to customer-sponsored penetration tests

• Provide guidance on automated testing tools and techniques

• Discover and mitigate vulnerabilities in sensitive Critical Infrastructure/ Key Resource Domains (CI/KR)

• Develop and design innovative cyber security solutions for unique and complex technologies

• Work in partnership with government agencies, leading industry experts, and academia

• Leverage traditional and non-traditional research methodologies to advance GE HealthCare's overall Cybersecurity practice

• Assess and investigate specific threats in terms of severity and impact

• Create detailed reports on vulnerabilities, bugs, and design flaws

• Create IPS/IDS rules or other mitigations to protect vulnerable systems

• Interact with global teams to promote consistency and maximize synergies across common software platforms

• Able to join the team and gain mastery of the Ultrasound domain and contribute towards the development Software Infrastructure

• Drive world-class quality in the development and support of products

• Apply principles of SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security, Scalability, Documentation Practices, refactoring and Testing Techniques

• Understand performance parameters and assess application performance

• Proactively share information across the team, to the right audience with the appropriate level of detail and timeliness

• Design, develop, implement, test and deploy subsystem/security solutions and apply in-depth knowledge of product related technologies, technology platforms, architectures, engineering design principles and advancements

• In collaboration with principal engineers/architects and execution leaders, assist in the analysis, design and development of the product roadmap

• Manage design evolution across multi-generation product releases 

• Perform design and code reviews, and provide feedback on product security

Required Qualifications

• Bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum of 4 years of professional experience including Cyber Security

• Certification in the Privacy, Security & Regulatory domain or related certification

• Experience in object-oriented design methodology and various programming languages such as C/C++. Hands-on experience in C++ on Windows a plus.

• Working knowledge in configuration management tools such as Perforce, GIT, ClearCase, etc...

• Experience working with Windows API and application programming

• Experience in software platform, advanced applications, user-interface design and/or systems engineering especially in the healthcare domain –preferably Ultrasound

• Good skills in knowing how to debug software issues

• Experience with multicore and multi-threaded software design and computing environment

• Experience driving technical design reviews

• Strong interpersonal skills, including creativity and curiosity with ability to effectively communicate, and influence across all organizational levels

• Proven analytical and problem resolution skills

• Demonstrated ability to work with and/or lead blended teams, including global teams

• Experience setting up and maintaining automation in CI/CD workflow pipelines a plus

Desired Characteristics

Technical Expertise:

• Familiarity with identifying, analyzing, and ethically exploiting the various classes of vulnerabilities that affect executable code

• Strong knowledge of TCP/IP networking. Ability to use Wireshark to capture and analyze network traffic

• Hands-on experience working with Windows and Linux based systems

• Programming skills in one or more languages (we develop using Python, C, C++, CUDA, and others)

• Ability to understand machine language, operating systems, common APIs, libraries, and runtime environments and how they interact with hardware, firmware, and binary code

• Familiarity with digital electronics and microcontrollers. Exposure to SCADA/DCS systems or industrial technologies

• Business Acumen: Able to translate vulnerability information into business risks relevant to our customers

• Attention to detail with initiative to explore alternate technology and approaches to solving problems

• Good understanding of workflow in the healthcare industry

• Knowledge of ultrasound or demonstrated experience with development of medical device software

• Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance

• Experience with secure coding principles; code signing and secure boot

• Experience with penetration testing and ethical hacking

• Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)

• Knowledge of Identity management and identity federation (SAML, Oauth, SCIM, XACML)

• Knowledge of application risk identification and evaluation techniques, and knowledge of Cyber Security and related engineering functions

• Experience securing applications within cloud platforms such as AWS, Azure, etc.

• Must be willing to work onsite at least 3 days a week in Wauwatosa/Waukesha, Wisconsin

• Self-starter, energizing, results oriented and able to multi-task; tenacious and organized

• Ability to foresee obstacles, identify workarounds, leverage resources, rally teammates

• Ability to influence and build consensus with other scrum teams and leadership

• Demonstrates adaptability and openness to change, effectively navigating ambiguity and responding to evolving information, circumstances, and priorities

• Exhibits clear and strategic thinking, translating complex strategies into actionable steps. Makes timely, informed decisions and communicates priorities with clarity and precision

#LI-ONSITE

#LI-WI

#LI-RV1

We will not sponsor individuals for employment visas, now or in the future, for this job opening.

Additional Information

While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.