Staff Software Architect - Product Security
GE HealthCare
Job Description Summary
The Staff Software Architect – Product Security position is a key role within General Imaging (GI) Ultrasound with a focus on vulnerability management and incident response capability. In this role you will work in a team to identify risks and communicate and track product vulnerabilities.
GE HealthCare is a leading global medical technology and digital solutions innovator. Our mission is to improve lives in the moments that matter. Unlock your ambition, turn ideas into world-changing realities, and join an organization where every voice makes a difference, and every difference builds a healthier world.
Job Description
Responsibilities
Duties include (but are not limited to):
Technical ownership of product security feature deliverables, with the ability to gather and analyze data, develop architectural requirements and lead implementation efforts
Work closely with cross-functional teams in requirements gathering and software design
Roles and Responsibilities
Scope and participate in hardware and software penetration tests, vulnerability identification and vulnerability risk assessment
Engage in incident response methods, lead incident response processes related to product cyber
Create and track meaningful metrics around product cyber risk and compensating controls
Create vulnerability and incident trend analysis to improve product design
Maintain cyber Bills of Material and conduct proactive vulnerability monitoring and assessment on cyber components
Engage and administer End of Life processes for digital products
Consult architects on security requirements and utilize best practices to meet requirements
Engage in application and domain-specific threat modeling and attack surface analysis/reduction
Respond promptly and in detail to customer-sponsored penetration tests
Provide guidance on automated testing tools and techniques
Discover and mitigate vulnerabilities in sensitive Critical Infrastructure/Key Resource Domains (CI/KR)
Develop and design innovative cyber security solutions for unique and complex technologies
Work in partnership with government agencies, leading industry experts, and academia
Leverage traditional and non-traditional research methodologies to advance GE HealthCare's overall Cybersecurity practice
Assess and investigate specific threats in terms of severity and impact
Create detailed reports on vulnerabilities, bugs, and design flaws
Create IPS/IDS rules or other mitigations to protect vulnerable systems
Interact with global teams to promote consistency and maximize synergies across common software platforms
Able to join the team, gain mastery of the Ultrasound domain and contribute towards the development of Software Infrastructure
Drive world-class quality in the development and support of products
Apply principles of SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security, Scalability, Documentation Practices, refactoring and Testing Techniques
Understand performance parameters and assess application performance
Proactively share information across the team, to the right audience with the appropriate level of detail and timeliness
Design, develop, implement, test and deploy subsystem/security solutions and apply in-depth knowledge of product related technologies, technology platforms, architectures, engineering design principles and advancements
In collaboration with principal engineers/architects and execution leaders, assist in the analysis, design and development of the product roadmap
Manage design evolution across multi-generation product releases
Perform design and code reviews, and provide feedback on product security
Required Qualifications
Bachelor’s degree in computer science or “STEM” Majors (Science, Technology, Engineering and Math) with minimum of 6 years of professional experience including Cyber Security
Certification in the Privacy, Security & Regulatory domain or related certification
Experience in object-oriented design methodology and various programming languages such as C/C++. Hands-on experience in C++ on Windows a plus.
Working knowledge of configuration management tools such as Perforce, Git, ClearCase, etc.
Experience working with Windows API and application programming
Experience in software platform, advanced applications, user-interface design and/or systems engineering, especially in the healthcare domain, preferably Ultrasound
Good skills in debugging software issues
Experience with multicore and multi-threaded software design and computing environment
Experience driving technical design reviews
Strong interpersonal skills, including creativity and curiosity with ability to effectively communicate, and influence across all organizational levels
Proven analytical and problem resolution skills
Demonstrated ability to work with and/or lead blended teams, including global teams
Experience setting up and maintaining automation in CI/CD workflow pipelines a plus
Desired Characteristics
Technical Expertise:
Familiarity with identifying, analyzing, and ethically exploiting the various classes of vulnerabilities that affect executable code
Strong knowledge of TCP/IP networking. Ability to use Wireshark to capture and analyze network traffic
Hands-on experience working with Windows and Linux based systems
Programming skills in one or more languages (we develop using Python, C, C++, CUDA, and others)
Ability to understand machine language, operating systems, common APIs, libraries, and runtime environments and how they interact with hardware, firmware, and binary code
Familiarity with digital electronics and microcontrollers. Exposure to SCADA/DCS systems or industrial technologies
Business Acumen: Able to translate vulnerability information into business risks relevant to our customers
Attention to detail with initiative to explore alternate technology and approaches to solving problems
Good understanding of workflow in the healthcare industry
Knowledge of ultrasound or demonstrated experience with development of medical device software
Experience with cyber security framework (NIST 800-53, ISO 27001, IEC 62443, etc.) implementation and governance
Experience with secure coding principles; code signing and secure boot
Experience with penetration testing and ethical hacking
Knowledge of CI/CD and automation tools (Chef, Git, Jenkins)
Knowledge of identity management and identity federation (SAML, OAuth, SCIM, XACML)
Knowledge of application risk identification and evaluation techniques, and knowledge of Cyber Security and related engineering functions
Experience securing applications within cloud platforms such as AWS, Azure, etc.
Must be willing to work onsite at least 3 days a week in Wauwatosa/Waukesha, Wisconsin
Self-starter, energizing, results oriented and able to multi-task; tenacious and organized
Ability to foresee obstacles, identify workarounds, leverage resources, rally teammates
Ability to influence and build consensus with other scrum teams and leadership
Demonstrates adaptability and openness to change, effectively navigating ambiguity and responding to evolving information, circumstances, and priorities
Exhibits clear and strategic thinking, translating complex strategies into actionable steps. Makes timely, informed decisions and communicates priorities with clarity and precision
Additional Information
Compensation Grade
LPB1
GE HealthCare offers a great work environment, professional development, challenging careers, and competitive compensation. GE HealthCare is an Equal Opportunities Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
GE HealthCare will only employ those who are legally authorized to work in the United States for this opening.
While GE HealthCare does not currently require U.S. employees to be vaccinated against COVID-19, some GE HealthCare customers have vaccination mandates that may apply to certain GE HealthCare employees.
Relocation Assistance Provided: No