Sr Product Security Analyst
GE is the world's Digital Industrial Company, transforming industry with software-defined machines and solutions that are connected, responsive and predictive. Through our people, leadership development, services, technology and scale, GE delivers better outcomes for global customers by speaking the language of industry.
GE offers a great work environment, professional development, challenging careers, and competitive compensation. GE is an Equal Opportunity Employer at http://www.ge.com/sites/default/files/15-000845%20EEO%20combined.pdf . Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.
We are looking for a smart, security-minded, enthusiastic and friendly cyber security analyst who can work collaboratively with other teams on the design and development of different customer-facing features on the Predix Mobile Applications. You will be a senior-level mobile software security expert who will provide thought leadership in building industrial-class security solutions for mobile applications.
In this role, you will:
+ Be responsible for providing technical leadership and defining, developing, and evolving security within software in a fast-paced and agile development environment using the latest secure software development technologies and infrastructure.
+ Work with Cyber Security Leaders and SMEs to understand product requirements & vision
+ Translate security requirements / vision into a prioritized list of user stories and deliver to required timelines and quality standards
+ Perform Threat Modeling and Architecture Risk Analysis on mobile applications.
+ Perform Security Code Reviews, Vulnerability Analysis and research on application code.
+ Coach and mentor developers to write and implement cryptography (PKI, Code Signing, Stored Secrets, etc.)
+ Work cross-functionally to scope, schedule, and then analyze results from Red Team exercises on software products.
+ Guide developers to write secure code and implement secure engineering practices.
+ Provide response for security related incidents reported for software products.
+ Engage subject matter experts in successful transfer of complex domain knowledge
+ Apply principles of Secure SDLC and methodologies like Lean/Agile/XP, CI, Software and Product Security, Scalability, Documentation Practices, refactoring and Testing Techniques
+ Provide guidance and advice on writing secure code that meets standards and delivers desired functionality using the technology selected for the project.
+ Understand application security methodologies and frameworks.
+ Leverage tailored Secure SDL practice into specific engineering
+ Develop security requirements and utilize best practices to meet them
+ Research new application security technologies and implement them to improve application security.
+ Work with other scrum teams on security-focused design
+ Identify and ensure resolution of possible technical implications of each release
+ Maintain a backlog of security-related tools that will improve the maintainability and security of our code and the pace of development
+ Promote best practices based on OWASP, MSDL, etc.
+ BS degree or higher in Computer Engineering or in a STEM major (Science, Technology, Engineering, or Math)
+ At least 4 years of experience working with development team(s) that delivered software-based services
+ Legal authorization to work in the U.S. is required. GE may agree to sponsor an individual for an employment visa now or in the future if there is a shortage of individuals with particular skills.
+ Must be willing to travel (10%)
+ Must be willing to work out of an office located in San Ramon, CA
+ Experience in developing secure applications
+ High energy and a results-oriented approach
+ Experience with Security Development Lifecycle processes such as Threat Modeling desired
+ Contribute to and lead discussions and communications within the team and outside, including customers and other business units
+ Strong knowledge of Object Oriented Analysis and Design, Software Design Patterns and coding principles
+ Hands-on experience with developing mobile applications (iOS and Android).
+ Hands-on experience with developing RESTful WebServices/MicroServices.
+ Mobile Architecture experience, designing, developing, and integrating solutions.
+ Experience in pen testing mobile applications and OWASP methodologies.
+ Remote Access Technologies / Authentication (SSL VPN, Network Access Control), Two-Factor Authentication.
+ Good understanding of security tools and technologies to facilitate secure development
+ Working knowledge of the following mobile technologies: VPNs, MDM, MAM (Mobile App Management), IAM (Identity and Access Management), MAS (Mobile Application Store), MAG (Mobile Application Gateway), DLP, IDS, GSS (Gateway and Security Stack).
+ Should be able to architect and design for the following: Mobile Security Goals, Web-Based Threat Mitigation, Network-Based Threat Mitigations.
Locations: United States; California; San Ramon
GE will only employ those who are legally authorized to work in the United States for this opening. Any offer of employment is conditional upon the successful completion of a background investigation and drug screen.